Reply
Explorer
Posts: 6
Registered: ‎08-16-2017

Hue creates home directory with wrong permissions

Hi, All

 

Hue creates user home directory in hdfs /user/<username> when the user logs in first time.

The permissions as far as I understand should be <user>:<user> on this directory, but in my case it does something else/

For example it created this for the user a.dekanovich

drwxr-xr-x   - loader               supergroup                0 2018-05-30 14:59 /user/a.dekanovich

 while it should be owned by a.dekanovich:a.dekanovich

 

Some log mining shows that it attempted to create directory as the user loader and then it couldn't do a chown as loader is not allowed to do it :

Audit log

2018-05-30 14:21:42,032 INFO FSNamesystem.audit: allowed=true   ugi=a.dekanovich (auth:PROXY) via httpfs (auth:SIMPLE)  ip=/10.218.70.10        cmd=getfileinfo src=/user/a.dekanovich  dst=null  perm=null       proto=rpc
2018-05-30 14:21:42,075 INFO FSNamesystem.audit: allowed=true   ugi=loader (auth:PROXY) via httpfs (auth:SIMPLE)        ip=/10.218.70.10        cmd=mkdirs      src=/user/a.dekanovich  dst=null  perm=loader:bigdata:rwxr-xr-x   proto=rpc
2018-05-30 14:21:42,101 INFO FSNamesystem.audit: allowed=true   ugi=loader (auth:PROXY) via httpfs (auth:SIMPLE)        ip=/10.218.70.10        cmd=setPermission       src=/user/a.dekanovich    dst=null        perm=loader:bigdata:rwxr-xr-x   proto=rpc
2018-05-30 14:21:42,122 INFO FSNamesystem.audit: allowed=false  ugi=loader (auth:PROXY) via httpfs (auth:SIMPLE)        ip=/10.218.70.10        cmd=setOwner    src=/user/a.dekanovich  dst=null  perm=null       proto=rpc

Namenode log:

2018-05-30 14:21:42,122 WARN org.apache.hadoop.security.UserGroupInformation: PriviledgedActionException as:loader (auth:PROXY) via httpfs (auth:SIMPLE) cause:org.apache.hadoop.security.AccessControlException: Non-super user cannot change owner
2018-05-30 14:21:42,122 INFO org.apache.hadoop.ipc.Server: IPC Server handler 3 on 8020, call org.apache.hadoop.hdfs.protocol.ClientProtocol.setOwner from 10.218.70.10:33488 Call#8443 Retry#0: org.apache.hadoop.security.AccessControlException: Non-super user cannot change owner

WTF is going on? The HUE service is usung the hue unix user , where does it get the loader user from ?

 

 

 

 

Announcements