Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

HDFS ACL inheritance -UMASK 007 impact hivewarehouse ?

HDFS ACL inheritance -UMASK 007 impact hivewarehouse ?

Contributor

Hello All,

I am on CDH5.9.0 and observed issues with ACL inheritance on HDFS directories as default is set to 022

[Default Umask : dfs.umaskmode, fs.permissions.umask-mode (022)]
 
as I don't want others to have any kind of privileges on any of the directories, can I keep umask of 007?
will this impact /user/hive/warehouse which needs 777 permissions recommended by Cloudera?
drwxrwxrwt   - hive hive        /user/hive/warehouse
 
Appreciate your inputs!
 
 

 

2 REPLIES 2

Re: HDFS ACL inheritance -UMASK 007 impact hivewarehouse ?

Champion

@Venkki

 

You can set rwx (or) --x to the warehouse folder. Since owner and group are hive, it can restrct others to read or write

drwxrwx--x  hive     hive                   /user/hive/warehouse

 

but make sure to have --x for the sub folders under warehouse

drwxrwx--x+ - hive hive /user/hive/warehouse/db1.db
drwxrwx--x+ - hive hive /user/hive/warehouse/db2.db

 

A sample facl:

==========

hdfs dfs -getfacl /user/hive/warehouse/mydb1.db
# file: /user/hive/warehouse/mydb1.db
# owner: hive
# group: hive
user::rwx
group::---
user:hive:rwx
group:hive:rwx
group:mydbgrp:rwx
mask::rwx
other::--x

 

Note: In fact, the default setting should take care of above mentioned info, if not and if you want to try, pls test this in lower env before implement in prod

Re: HDFS ACL inheritance -UMASK 007 impact hivewarehouse ?

Contributor

Thanks for the prompt response!

 

I believe if we set umask 007 (dfs.umaskmode, fs.permissions.umask-mode),

this wont impact/user/hive/warehouse ? or will it override permissions set through ACL to others ?