Reply
Explorer
Posts: 6
Registered: ‎10-29-2014

HDFS ACL Inheritance

Hi All,

 

I'm on CDH 5.3 with Sentry enabled. I have a directory with permissions set as follows:

 

[root@node1 /]# h -getfacl /directory1
# file: /directory1
# owner: hive
# group: hive
user::rwx
group::rwx
other::--x
group::CLIENTA:rwx
default:user::rwx
default:group::rwx
default:group:CLIENTA:rwx
default:mask::rwx
default:other::---

 

if I put a file here it gets created with the below permissions.

 

[root@node1 /]# h -getfacl /directory1/test
# file: /directory1/test
# owner: client_user
# group: hive
user::rw-
group::rwx #effective:r--
group:CLIENTA:rwx #effective:r--
mask::r--
other::---

 and any directory I create looks like, which means the group can't write to this.

 

[root@node1 /]# h -getfacl /directory1/testd
# file: /directory1/testd
# owner: client_user
# group: hive
user::rwx
group::rwx      #effective:r-x
group:CLIENTA:rwx        #effective:r-x
mask::r-x
other::---
default:user::rwx
default:group::rwx
default:group:CLIENTA:rwx
default:mask::rwx
default:other::---

 So the mask setting is not getting inherited, overriding the default ACLS I have set.

 

I am only using hdfs dfs commands.

 

Can anyone help me either avoid the mask being set like this, or ensure that the permissions are inherited?

 

Thanks!

 

 

Posts: 1,483
Kudos: 241
Solutions: 225
Registered: ‎07-31-2013

Re: HDFS ACL Inheritance

Check this JIRA out: https://issues.apache.org/jira/browse/HDFS-6962
Backline Customer Operations Engineer
Explorer
Posts: 8
Registered: ‎10-25-2016

Re: HDFS ACL Inheritance

Changing default umask through cloudera manager properties of HDFS from 022 to 002 helped out to get child dir inherit the permissions from parent dir.

Abhishek
Announcements