Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Now Live: Explore expert insights and technical deep dives on the new Cloudera Community BlogsRead the Announcement
Solved Go to solution

HDFS File Permissions

Labels:
avatar
author-rank ssen
Rising Star

Created ‎10-04-2015 10:35 PM

Hello, I want to test the file permissions of HDFS. By these Tests I get a strange behavior of Hadoop. I created a new directory with the user “root”. The used command was “hadoop fs -mkdir /user/test”. After this I changed the permissions of this directory to r, w, x only for the owner (“hadoop fs -chmod 700 /user/test”). And I copied a new file into this directory (“hadoop fs -put test.txt /user/test”) and I changed the permissions of this file (“hadoop fs -chmod 600 /user/test/test.txt”), too.

I created an new user and a new usergroup and added the new user to this group. With this new user is accessed the folder (“hadoop fs -ls /user/test”) and deleted the file (“hadoop fs -rm ./user/test/test.txt”). With the right permissions i havn’t do this.

I do this Test with the same file in the UNIX-Filesystem and there the Deletion failed. This is the right behavior I expected in HDFS.

I used the HDP 2.3 Sandbox with default configuration.

Had anyone the same behavior or did I a mistake?

5,241 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank ssen
Rising Star

Created ‎10-04-2015 10:36 PM

Before Ranger was integrated with Sandbox, the dfs.perm in Sandbox was set to false. The reason was to allow Hue and some other use cases to create databases and tables. After Ranger was integrated, we emulated the same behavior by creating a global policy to allow everyone. If they go through the Sandbox Security tutorials, the first step is to disable the global policy (for each component). If you disable the global HDFS policy in Ranger which allows everyone, then you should see what you expect from HDFS security permissions.

View solution in original post

4,401 Views
0 Kudos
1 REPLY 1

avatar
author-rank ssen
Rising Star

Created ‎10-04-2015 10:36 PM

Before Ranger was integrated with Sandbox, the dfs.perm in Sandbox was set to false. The reason was to allow Hue and some other use cases to create databases and tables. After Ranger was integrated, we emulated the same behavior by creating a global policy to allow everyone. If they go through the Sandbox Security tutorials, the first step is to disable the global policy (for each component). If you disable the global HDFS policy in Ranger which allows everyone, then you should see what you expect from HDFS security permissions.

4,402 Views
0 Kudos
Announcements
Community Announcements
Announcing the Launch of Cloudera Community Blogs
Community Announcements
October / November 2025 Community Highlights
What's New @ Cloudera
Announcing Cloudera Streaming Analytics - Kubernetes Operato...
What's New @ Cloudera
Announcing Cloudera Streams Messaging - Kubernetes Operator ...
Community Announcements
Welcome to the Cloudera Community!
View More Announcements