Community Articles

Find and share helpful community-sourced technical articles.
Labels (1)
Cloudera Employee


While configuring NFS mounts to access HDFS as a part of local FS, we do tend to control the access using nfs proxies as shown below,

    The 'nfsserver' user is allowed to proxy all members of the
    'nfs-users1' and 'nfs-users2' groups. Set this to '*' to allow
    nfsserver user to proxy any group.

    This is the host where the nfs gateway is running. Set this to
    '*' to allow requests from any hosts to be proxied.

However, a user who has access to NFS server would be able to access (view) the HDFS file system even if they are not part of "hadoop.proxyuser.nfsserver.groups" and "hadoop.proxyuser.nfsserver.hosts" . This may be a security flaw in certain scenarios,


This is due to a property, "nfs.exports.allowed.hosts" which is used to allow the access to the HDFS from the hosts.


Make sure the desired hosts and permissions are assigned to HDFS.

Permissions for the property can be defined as below,

  <value>* rw</value>

NOTE: NFS gateway restart may be needed if the property is altered


Take a Tour of the Community
Don't have an account?
Your experience may be limited. Sign in to explore more.
Version history
Last update:
‎05-26-2017 12:58 AM
Updated by:
Top Kudoed Authors