Reply
Explorer
Posts: 20
Registered: ‎10-04-2017

HDFS ACL inheritance -UMASK 007 impact hivewarehouse ?

Hello All,

I am on CDH5.9.0 and observed issues with ACL inheritance on HDFS directories as default is set to 022

[Default Umask : dfs.umaskmode, fs.permissions.umask-mode (022)]
 
as I don't want others to have any kind of privileges on any of the directories, can I keep umask of 007?
will this impact /user/hive/warehouse which needs 777 permissions recommended by Cloudera?
drwxrwxrwt   - hive hive        /user/hive/warehouse
 
Appreciate your inputs!
 
 

 

Posts: 519
Topics: 14
Kudos: 92
Solutions: 45
Registered: ‎09-02-2016

Re: HDFS ACL inheritance -UMASK 007 impact hivewarehouse ?

@Venkki

 

You can set rwx (or) --x to the warehouse folder. Since owner and group are hive, it can restrct others to read or write

drwxrwx--x  hive     hive                   /user/hive/warehouse

 

but make sure to have --x for the sub folders under warehouse

drwxrwx--x+ - hive hive /user/hive/warehouse/db1.db
drwxrwx--x+ - hive hive /user/hive/warehouse/db2.db

 

A sample facl:

==========

hdfs dfs -getfacl /user/hive/warehouse/mydb1.db
# file: /user/hive/warehouse/mydb1.db
# owner: hive
# group: hive
user::rwx
group::---
user:hive:rwx
group:hive:rwx
group:mydbgrp:rwx
mask::rwx
other::--x

 

Note: In fact, the default setting should take care of above mentioned info, if not and if you want to try, pls test this in lower env before implement in prod

Highlighted
Explorer
Posts: 20
Registered: ‎10-04-2017

Re: HDFS ACL inheritance -UMASK 007 impact hivewarehouse ?

[ Edited ]

Thanks for the prompt response!

 

I believe if we set umask 007 (dfs.umaskmode, fs.permissions.umask-mode),

this wont impact/user/hive/warehouse ? or will it override permissions set through ACL to others ?