HDFS ACL Inheritance doesn't work

Hi All,
How do I ensure that the child dirs and files created by a member of a group having rwx permissions on HDFS have the same rwx permissions as the parent?
I tried both chmod and ACLs, as suggested by Apache and Cloudera. All the new dirs created by a user in a group having permission to write still have r-x permissions instead of the rwx which I want.
I have also set dfs.namenode.posix.acl.inheritance.enabled to true and dfs.permissions to true, as mentioned in https://issues.apache.org/jira/browse/HDFS-6962.
fs.permissions.umask-mode=000
dfs.umaskmode, fs.permissions.umask-mode=022

[root@dev ~]# id abhig
uid=515(abhig) gid=519(abhig) groups=519(abhig),525(low_priority),528(devgrp)
********************************************
[abhig@dev ~]$ hdfs dfs -setfacl -m default:group:devgrp:rwx /test
[abhig@dev ~]$ hdfs dfs -getfacl /test
# file: /test
# owner: abhig
# group: devgrp
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group::r-x
default:group:devgrp:rwx
default:mask::rwx
default:other::r-x
********************************************
[abhig@dev ~]$ hdfs dfs -mkdir /test/tst1
[abhig@dev ~]$ hdfs dfs -getfacl /test/tst1
# file: /test/tst1
# owner: abhig
# group: devgrp
user::rwx
group::r-x
group:devgrp:rwx #effective:r-x
mask::r-x
other::r-x
default:user::rwx
default:group::r-x
default:group:devgrp:rwx
default:mask::rwx
default:other::r-x
*********************************************

This doesn't help much:

https://community.cloudera.com/t5/Storage-Random-Access-HDFS/HDFS-ACL-Inheritance/m-p/25494#M1092

Please give a workaround, if any.

Abhishek
1 ACCEPTED SOLUTION

Changing the default umask in the HDFS properties in Cloudera Manager from 022 to 002 helped to get the child dir to inherit the permissions from the parent dir.

Abhishek

2 REPLIES

Hi Folks,

If we change the umask mode from 022 to 002, will that fix this?

Is there any version dependency? Currently, we are on 5.9.0.

My question is about the directory: it seems we are forcing write permissions for the group by changing to 002?

Directory:

022 - rwxr-xr-x
002 - rwxrwxr-w

File:

022 - rw-r--r--
002 - rw-rw-r--

This is what the ACL on the directory looks like. I have a few groups that need only r-x; if we keep 002, will it get changed to rwx for the group?

hdfs dfs -getfacl /test/ky/val/claim/version=xx/
# file: /test/ky/val/claim/version=xx
# owner: svc_ingest_t
# group: supergroup
user::rwx
user:hive:rwx
group::rwx
group:g_ingt_ba:r-x
group:g_ingt_bu:rwx
group:g_ingt_du:r-x
group:hive:rwx
mask::rwx
other::---
default:user::rwx
default:user:hive:rwx
default:group::rwx
default:group:g_ingt_ba:r-x
default:group:g_ingt_bu:rwx
default:group:g_du:r-x
default:group:hive:rwx
default:mask::rwx
default:other::---
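
Added example (not part of the thread and not Hadoop source code): a small Python model of the documented HDFS behaviour in which the client umask filters the ACL a new child inherits from its parent's default ACL. It reproduces the mask::r-x result in the question and applies the same rule to the default ACL in the follow-up reply; the function names are hypothetical and the model assumes the default ACL carries a mask entry, as both samples do.

```python
# Added example: a model of the documented HDFS rule, not Hadoop source code.
def bits(s):                      # "r-x" -> 5
    return sum(4 >> i for i, c in enumerate(s) if c != "-")

def sym(n):                       # 5 -> "r-x"
    return "".join(c if n & (4 >> i) else "-" for i, c in enumerate("rwx"))

def child_acl(parent_default, umask, is_dir=True):
    """Access ACL of a new child when the umask is applied to the inherited
    default ACL. Assumes the default ACL has a mask entry."""
    mode = (0o777 if is_dir else 0o666) & ~umask
    limit = {"user::": mode >> 6 & 7, "mask::": mode >> 3 & 7, "other::": mode & 7}
    # Only owner, mask and other are filtered by the mode; named entries and
    # the owning-group entry are copied unchanged from the default ACL.
    return {k: bits(v) & limit.get(k, 7) for k, v in parent_default.items()}

def effective(acl):
    """Effective permissions as getfacl reports them: every entry except
    owner, mask and other is ANDed with the mask."""
    unmasked = ("user::", "mask::", "other::")
    return {k: sym(p if k in unmasked else p & acl["mask::"])
            for k, p in acl.items()}

# Default ACL of /test from the question (keys shown without "default:").
TEST_DEFAULT = {"user::": "rwx", "group::": "r-x", "group:devgrp:": "rwx",
                "mask::": "rwx", "other::": "r-x"}
# Default ACL from the follow-up reply, copied from its getfacl output.
INGEST_DEFAULT = {"user::": "rwx", "user:hive:": "rwx", "group::": "rwx",
                  "group:g_ingt_ba:": "r-x", "group:g_ingt_bu:": "rwx",
                  "group:g_du:": "r-x", "group:hive:": "rwx",
                  "mask::": "rwx", "other::": "---"}

if __name__ == "__main__":
    for name, default in (("/test", TEST_DEFAULT), ("ingest", INGEST_DEFAULT)):
        for umask in (0o022, 0o002):
            eff = effective(child_acl(default, umask))
            print(f"{name} new dir, umask {umask:03o}:")
            for entry, perm in eff.items():
                print(f"  {entry}{perm}")
```

In this model the mode only caps the mask and never widens an entry, so a named group granted r-x in the default ACL stays r-x under umask 002, while rwx entries that umask 022 had reduced to r-x regain write.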