I am on CDH5.9.0 and observed issues with ACL inheritance on HDFS directories as default is set to 022
You can set rwx (or) --x to the warehouse folder. Since owner and group are hive, it can restrct others to read or write
drwxrwx--x hive hive /user/hive/warehouse
but make sure to have --x for the sub folders under warehouse
drwxrwx--x+ - hive hive /user/hive/warehouse/db1.db
drwxrwx--x+ - hive hive /user/hive/warehouse/db2.db
A sample facl:
hdfs dfs -getfacl /user/hive/warehouse/mydb1.db
# file: /user/hive/warehouse/mydb1.db
# owner: hive
# group: hive
Note: In fact, the default setting should take care of above mentioned info, if not and if you want to try, pls test this in lower env before implement in prod
Thanks for the prompt response!
I believe if we set umask 007 (dfs.umaskmode, fs.permissions.umask-mode),
this wont impact/user/hive/warehouse ? or will it override permissions set through ACL to others ?