Created on 02-24-2016 07:36 PM
Apache JIRA HDFS-9552 is a documentation patch that clarifies exactly what kinds of permission checks are enforced by HDFS for each kind of user operation on a file system path. This documentation is not yet live on hadoop.apache.org. I am posting the same content here in the interim until HDFS-9552 ships in an official Apache release.
Each HDFS operation demands that the user has specific permissions (some combination of READ, WRITE and EXECUTE), granted through file ownership, group membership or the other permissions. An operation may perform permission checks at multiple components of the path, not only the final component. Additionally, some operations depend on a check of the owner of a path.
All operations require traversal access. Traversal access demands the EXECUTE permission on all existing components of the path, except for the final path component. For example, for any operation accessing /foo/bar/baz, the caller must have EXECUTE permission on /, /foo and /foo/bar.
The following table describes the permission checks performed by HDFS for each component of the path.
Operation | Ownership | Parent | Ancestor | Final | Sub-tree |
---|---|---|---|---|---|
append | NO | N/A | N/A | WRITE | N/A |
concat | NO [2] | WRITE (sources) | N/A | READ (sources), WRITE (destination) | N/A |
create | NO | N/A | WRITE | WRITE [1] | N/A |
createSnapshot | YES | N/A | N/A | N/A | N/A |
delete | NO [2] | WRITE | N/A | N/A | READ, WRITE, EXECUTE |
deleteSnapshot | YES | N/A | N/A | N/A | N/A |
getAclStatus | NO | N/A | N/A | N/A | N/A |
getBlockLocations | NO | N/A | N/A | READ | N/A |
getContentSummary | NO | N/A | N/A | N/A | READ, EXECUTE |
getFileInfo | NO | N/A | N/A | N/A | N/A |
getFileLinkInfo | NO | N/A | N/A | N/A | N/A |
getLinkTarget | NO | N/A | N/A | N/A | N/A |
getListing | NO | N/A | N/A | READ, EXECUTE | N/A |
getSnapshotDiffReport | NO | N/A | N/A | READ | READ |
getStoragePolicy | NO | N/A | N/A | READ | N/A |
getXAttrs | NO | N/A | N/A | READ | N/A |
listXAttrs | NO | EXECUTE | N/A | N/A | N/A |
mkdirs | NO | N/A | WRITE | N/A | N/A |
modifyAclEntries | YES | N/A | N/A | N/A | N/A |
removeAcl | YES | N/A | N/A | N/A | N/A |
removeAclEntries | YES | N/A | N/A | N/A | N/A |
removeDefaultAcl | YES | N/A | N/A | N/A | N/A |
removeXAttr | NO [2] | N/A | N/A | WRITE | N/A |
rename | NO [2] | WRITE (source) | WRITE (destination) | N/A | N/A |
renameSnapshot | YES | N/A | N/A | N/A | N/A |
setAcl | YES | N/A | N/A | N/A | N/A |
setOwner | YES [3] | N/A | N/A | N/A | N/A |
setPermission | YES | N/A | N/A | N/A | N/A |
setReplication | NO | N/A | N/A | WRITE | N/A |
setStoragePolicy | NO | N/A | N/A | WRITE | N/A |
setTimes | NO | N/A | N/A | WRITE | N/A |
setXAttr | NO [2] | N/A | N/A | WRITE | N/A |
truncate | NO | N/A | N/A | WRITE | N/A |
[1] WRITE access on the final path component during create is only required if the call uses the overwrite option and there is an existing file at the path.
[2] Any operation that checks WRITE permission on the parent directory also checks ownership if the sticky bit is set.
[3] Calling setOwner to change the user that owns a file requires HDFS super-user access. HDFS super-user access is not required to change the group, but the caller must be a member of the specified group.
Created on 02-26-2016 04:30 AM
Excellent reference, thanks!