Support Questions
Find answers, ask questions, and share your expertise

ACLs are enabled and applied but not working

Expert Contributor

Dear all,

I have enabled ACL on the ambari console and restarted the required services and I'm able to set the permissions for specific group as well. But when they try to execute it is not working. Need your suggestions. My HDP version is 2.4 and hadoop 2.7.

getfacl permission on the folder and file is:

$ hdfs dfs -getfacl -R /abc/month=12/
# file: /abc/month=12
# owner: abiuser
# group: dfsusers
user::rwx
group::r-x
group:data_team:r--
mask::r-x
other::---
default:user::rwx
default:group::r-x
default:group:data_team:r-x
default:mask::r-x
default:other::---

# file: /abc/month=12/file1.bcsf
# owner: abiuser
# group: dfsusers
user::rwx
group::r--
group:data_team:r--
mask::r--
other::---

user A and B are part of data_team, when they try to read the file we are getting the below error.

$ hadoop fs -ls /abc/month=12
ls: Permission denied: user=A, access=EXECUTE, inode="/abc/month=12":abiuser:dfsusers:drwxrwx---

Appreciate any suggestion / help?

Thank you

15 REPLIES 15

Mentor

@Muthukumar S

I am sure if it was a BUG then, hortonworks would have notified its customers having said that, it might sound trivial but try to go over your code, personally I don't see the issue with HDP 2.4 but if I may ask why haven't you upgraded?

[root@nakuru ~]# su - usera
[usera@nakuru ~]$ id
uid=1024(usera) gid=1024(usera) groups=1024(usera),507(data_team)
[usera@nakuru ~]$  hadoop fs -ls /abc/month=12
Found 2 items
-rw-r--r--+  3 abiuser dfsusers        151 2018-01-11 13:00 /abc/month=12/acltest2.txt
-rw-r--r--   3 abiuser dfsusers        249 2018-01-11 12:38 /abc/month=12/file1.txt
[usera@nakuru ~]$ hdfs dfs -getfacl -R /abc/month=12/
# file: /abc/month=12
# owner: abiuser
# group: dfsusers
user::rwx
group::r-x
other::r-x
# file: /abc/month=12/acltest2.txt
# owner: abiuser
# group: dfsusers
user::rw-
group::r--
group:data_team:r--
group:dfsusers:r--
mask::r--
other::r--
# file: /abc/month=12/file1.txt
# owner: abiuser
# group: dfsusers
user::rw-
group::r--
other::r--
[usera@nakuru ~]$

Since I reproduced your use case and provided the solution, I think its better you accept and close the thread. The hortonworks demo HDFS ACLS: fine-grained permissions for hdfs files in hadoop was delivered using HDP 2.4 , so at times when I get in such a situation I ask a friend to crosscheck my code you might have forgotten something.
Cheers !


muthukumar.jpg

Expert Contributor
@Geoffrey Shelton Okot

Thanks will close the thread. Yes the steps are verified multiple times and we end up with that error. We have not subscribed for even hortonworks basic support, because of this risk we have not upgraded. In case we stuck up with some issues there is no one to help. Client is aware of this.

Mentor

@Muthukumar S

Okay cheers I will try to build an HDP 2.4 on VM what Ambari you ambari version. I hate to leave unfinished work.

Will update you

Expert Contributor

@Geoffrey Shelton Okot

I think HDP 2.4 is not downloadable from hortonworks site? Because we will be setting up new environment in which we will install the latest version and only latest one is downloadable. May be there will be someother link for 2.4. Even I think it might be a bug on the version. There is no hint found for this error apart from the regular steps you have provided. Below are details you have asked for.

Ambari Server

$ rpm -qa | grep -i ambari
ambari-server-2.2.1.0-161.x86_64

$ rpm -qa | grep -i hadoop
hadoop_2_4_0_0_169-mapreduce-2.7.1.2.4.0.0-169.el6.x86_64
hadoop_2_4_0_0_169-yarn-2.7.1.2.4.0.0-169.el6.x86_64
hadoop_2_4_0_0_169-libhdfs-2.7.1.2.4.0.0-169.el6.x86_64
hadoop_2_4_0_0_169-2.7.1.2.4.0.0-169.el6.x86_64
hadoop_2_4_0_0_169-hdfs-2.7.1.2.4.0.0-169.el6.x86_64

$ rpm -qa | grep -i ambari
ambari-metrics-monitor-2.2.1.0-161.x86_64
ambari-metrics-collector-2.2.1.0-161.x86_64
ambari-agent-2.2.1.0-161.x86_64
ambari-metrics-hadoop-sink-2.2.1.0-161.x86_64

$ rpm -qa | grep -i hdp
hdp-select-2.4.0.0-169.el6.noarch

Mentor

@Muthukumar S

HDP 2.4 is still downloadable are https://hortonworks.com/downloads/#data-platform HDP Downloads Click view all locate Hortonworks Data Platform Archive and expand on the right of your screen

See attached screen.

I will download the sandbox and reproduce your use case.


muthukumar.jpg

Expert Contributor

@Geoffrey Shelton Okot

Thank you very much for the information.