Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

HDFS ACL Inheritance

Highlighted

HDFS ACL Inheritance

Explorer

Hi All,

 

I'm on CDH 5.3 with Sentry enabled. I have a directory with permissions set as follows:

 

[root@node1 /]# h -getfacl /directory1
# file: /directory1
# owner: hive
# group: hive
user::rwx
group::rwx
other::--x
group::CLIENTA:rwx
default:user::rwx
default:group::rwx
default:group:CLIENTA:rwx
default:mask::rwx
default:other::---

 

if I put a file here it gets created with the below permissions.

 

[root@node1 /]# h -getfacl /directory1/test
# file: /directory1/test
# owner: client_user
# group: hive
user::rw-
group::rwx #effective:r--
group:CLIENTA:rwx #effective:r--
mask::r--
other::---

 and any directory I create looks like, which means the group can't write to this.

 

[root@node1 /]# h -getfacl /directory1/testd
# file: /directory1/testd
# owner: client_user
# group: hive
user::rwx
group::rwx      #effective:r-x
group:CLIENTA:rwx        #effective:r-x
mask::r-x
other::---
default:user::rwx
default:group::rwx
default:group:CLIENTA:rwx
default:mask::rwx
default:other::---

 So the mask setting is not getting inherited, overriding the default ACLS I have set.

 

I am only using hdfs dfs commands.

 

Can anyone help me either avoid the mask being set like this, or ensure that the permissions are inherited?

 

Thanks!

 

 

2 REPLIES 2

Re: HDFS ACL Inheritance

Master Guru

Re: HDFS ACL Inheritance

Explorer

Changing default umask through cloudera manager properties of HDFS from 022 to 002 helped out to get child dir inherit the permissions from parent dir.

Abhishek