Cloudera Community

Archives of Support Questions (Read Only)

This is an archived board for historical reference. Information and links may no longer be available or relevant
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
This board is archived and read-only for historical reference. To ask a new question, please post a new topic on the appropriate active board.
Solved Go to solution

Datanode data directory permissions

Labels:
avatar
author-rank Dev4Hadoop
Explorer

Created on ‎09-11-2015 07:36 AM - edited ‎09-16-2022 02:40 AM

Since documents say set directory permission to 700 for datanode data directories( owned by hdfs), and Yarn/Node Manager/Containers will run as mapred userid, then how do mapred programs access blocks , based on my understanding mapred user wont be able to do ls -ltr ${dfs.datanode.data.dir} ? OR this is somehow driven by how file has permission set within hdfs?

 

Thanks for the help!!

 

 

Regards,

Dev

4,809 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank Harsh J author-rank
Mentor

Created ‎09-27-2015 07:54 AM

A few points:

1. Remote/non-short-circuit-local block reads are done via the DN IPC port (50010 or 1004), and not via local filesystem, so HDFS clients of any form will never require local permission access to the block files. The DN reads and streams the data. Same applies for writes.
2. Local short circuit reads, if enabled and applicable, are done in a secure manner via use of Unix Socket Domains. The DN opens the file and passes the file descriptor to the client, bypassing the need for clients to be able to read block file paths directly.

View solution in original post

4,769 Views
2 REPLIES 2

avatar
author-rank Harsh J author-rank
Mentor

Created ‎09-27-2015 07:54 AM

A few points:

1. Remote/non-short-circuit-local block reads are done via the DN IPC port (50010 or 1004), and not via local filesystem, so HDFS clients of any form will never require local permission access to the block files. The DN reads and streams the data. Same applies for writes.
2. Local short circuit reads, if enabled and applicable, are done in a secure manner via use of Unix Socket Domains. The DN opens the file and passes the file descriptor to the client, bypassing the need for clients to be able to read block file paths directly.
4,770 Views

avatar
author-rank Dev4Hadoop
Explorer

Created ‎09-27-2015 04:50 PM

Thanks!

4,764 Views
0 Kudos
Announcements
What's New @ Cloudera
Announcing Cloudera Streaming Analytics 1.17: Python UDFs, S...
Community Announcements
Content Update: Evolving Our Community Content for Better, A...
Community Announcements
Product Name Updates — Community Label Changes & Notificatio...
What's New @ Cloudera
Announcing Cloudera Data Lineage for Trino
What's New @ Cloudera
Announcing Cloudera Streaming Analytics Operator for Kuberne...
View More Announcements