Community Articles
Find and share helpful community-sourced technical articles
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.
Labels (1)
Cloudera Employee


While configuring NFS mounts to access HDFS as a part of local FS, we do tend to control the access using nfs proxies as shown below,

    The 'nfsserver' user is allowed to proxy all members of the
    'nfs-users1' and 'nfs-users2' groups. Set this to '*' to allow
    nfsserver user to proxy any group.

    This is the host where the nfs gateway is running. Set this to
    '*' to allow requests from any hosts to be proxied.

However, a user who has access to NFS server would be able to access (view) the HDFS file system even if they are not part of "hadoop.proxyuser.nfsserver.groups" and "hadoop.proxyuser.nfsserver.hosts" . This may be a security flaw in certain scenarios,


This is due to a property, "nfs.exports.allowed.hosts" which is used to allow the access to the HDFS from the hosts.


Make sure the desired hosts and permissions are assigned to HDFS.

Permissions for the property can be defined as below,

  <value>* rw</value>

NOTE: NFS gateway restart may be needed if the property is altered


Don't have an account?
Coming from Hortonworks? Activate your account here
Version history
Revision #:
1 of 1
Last update:
‎05-26-2017 12:58 AM
Updated by:
Top Kudoed Authors