Cloudera Community

Archives of Support Questions (Read Only)

This is an archived board for historical reference. Information and links may no longer be available or relevant
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
This board is archived and read-only for historical reference. To ask a new question, please post a new topic on the appropriate active board.
Solved Go to solution

cannot create user directory after kerberos

Labels:
avatar
author-rank yongie
Contributor

Created on ‎07-24-2018 12:36 AM - last edited on ‎07-24-2018 07:21 AM by Community Manager Community Manager

Hi there,

 

I just enable Kerberos on my test cluster, however after enabling kerberos, I am not able to create /user/test directory anymore due to permission error.

 


hadoop fs -mkdir /user/test
mkdir: Permission denied: user=admin, access=WRITE, inode="/user":hdfs:supergroup:drwxr-xr-x

 

Anyway to fix it?

 

Thanks

6,997 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank bgooley author-rank
Master Guru

Created ‎07-24-2018 12:15 PM

@yongie,

 

The Permission Denied message indicates that your hadoop command is authenticating as the user "admin".  As you can see, the user "admin" does not have previlige to write to the /user directory.

 

In order to be able to have non-hdfs user write to that /user directory with the permissions as they are, that "admin" user will need to be a superuser.

 

If you are not interested in having outher users as superusers, then the other option is to kinit as hdfs

Basically, you need to create a user in your KDC with the name "hdfs" and with the userprincipalname hdfs@realm.

 

See this page for details all that I mentioned above:

 

https://www.cloudera.com/documentation/enterprise/latest/topics/cm_sg_s5_hdfs_principal.html

 

Ben

View solution in original post

6,951 Views
0 Kudos
5 REPLIES 5

avatar
saranvisa author-rank
Champion

Created ‎07-24-2018 02:09 AM

@yongie

 

switch to hdfs user and try again

6,984 Views
0 Kudos

avatar
author-rank bgooley author-rank
Master Guru

Created ‎07-24-2018 12:15 PM

@yongie,

 

The Permission Denied message indicates that your hadoop command is authenticating as the user "admin".  As you can see, the user "admin" does not have previlige to write to the /user directory.

 

In order to be able to have non-hdfs user write to that /user directory with the permissions as they are, that "admin" user will need to be a superuser.

 

If you are not interested in having outher users as superusers, then the other option is to kinit as hdfs

Basically, you need to create a user in your KDC with the name "hdfs" and with the userprincipalname hdfs@realm.

 

See this page for details all that I mentioned above:

 

https://www.cloudera.com/documentation/enterprise/latest/topics/cm_sg_s5_hdfs_principal.html

 

Ben

6,952 Views
0 Kudos

avatar
author-rank yongie
Contributor

Created ‎07-27-2018 12:17 AM

@bgooley

 

It does the trick by creating hdfs user in kerberos, however, for the proper setup do I need to change the supergroup? and assign user to supergroup?

 

 

6,897 Views
0 Kudos

avatar
author-rank adiz
Explorer

Created ‎03-19-2021 12:37 PM

Ohh My God, This worked 
You are a lifesaver.

 

4,921 Views
0 Kudos

avatar
author-rank adiz
Explorer

Created ‎03-19-2021 12:49 PM

that worked but when I tried to fire command from admin user (commands like --- hdfs dfs -cp file /user/admin or hdfs dfs -ls /user/)
it's not allowing me 

giving below error

WARN security.UserGroupInformation: PriviledgedActionException as:admin (auth:KERBEROS) cause:javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]

4,918 Views
0 Kudos
Announcements
What's New @ Cloudera
Announcing Cloudera Streaming Analytics 1.17: Python UDFs, S...
Community Announcements
Content Update: Evolving Our Community Content for Better, A...
Community Announcements
Product Name Updates — Community Label Changes & Notificatio...
What's New @ Cloudera
Announcing Cloudera Data Lineage for Trino
What's New @ Cloudera
Announcing Cloudera Streaming Analytics Operator for Kuberne...
View More Announcements