Support Questions

Find answers, ask questions, and share your expertise
Announcements
Celebrating as our community reaches 100,000 members! Thank you!

HDFS File Permissions

avatar
Rising Star

Hello, I want to test the file permissions of HDFS. By these Tests I get a strange behavior of Hadoop. I created a new directory with the user “root”. The used command was “hadoop fs -mkdir /user/test”. After this I changed the permissions of this directory to r, w, x only for the owner (“hadoop fs -chmod 700 /user/test”). And I copied a new file into this directory (“hadoop fs -put test.txt /user/test”) and I changed the permissions of this file (“hadoop fs -chmod 600 /user/test/test.txt”), too.

I created an new user and a new usergroup and added the new user to this group. With this new user is accessed the folder (“hadoop fs -ls /user/test”) and deleted the file (“hadoop fs -rm ./user/test/test.txt”). With the right permissions i havn’t do this.

I do this Test with the same file in the UNIX-Filesystem and there the Deletion failed. This is the right behavior I expected in HDFS.

I used the HDP 2.3 Sandbox with default configuration.

Had anyone the same behavior or did I a mistake?

1 ACCEPTED SOLUTION

avatar
Rising Star

Before Ranger was integrated with Sandbox, the dfs.perm in Sandbox was set to false. The reason was to allow Hue and some other use cases to create databases and tables. After Ranger was integrated, we emulated the same behavior by creating a global policy to allow everyone. If they go through the Sandbox Security tutorials, the first step is to disable the global policy (for each component). If you disable the global HDFS policy in Ranger which allows everyone, then you should see what you expect from HDFS security permissions.

View solution in original post

1 REPLY 1

avatar
Rising Star

Before Ranger was integrated with Sandbox, the dfs.perm in Sandbox was set to false. The reason was to allow Hue and some other use cases to create databases and tables. After Ranger was integrated, we emulated the same behavior by creating a global policy to allow everyone. If they go through the Sandbox Security tutorials, the first step is to disable the global policy (for each component). If you disable the global HDFS policy in Ranger which allows everyone, then you should see what you expect from HDFS security permissions.