Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

HDFS File Permissions

Solved Go to solution

HDFS File Permissions

Contributor

Hello, I want to test the file permissions of HDFS. By these Tests I get a strange behavior of Hadoop. I created a new directory with the user “root”. The used command was “hadoop fs -mkdir /user/test”. After this I changed the permissions of this directory to r, w, x only for the owner (“hadoop fs -chmod 700 /user/test”). And I copied a new file into this directory (“hadoop fs -put test.txt /user/test”) and I changed the permissions of this file (“hadoop fs -chmod 600 /user/test/test.txt”), too.

I created an new user and a new usergroup and added the new user to this group. With this new user is accessed the folder (“hadoop fs -ls /user/test”) and deleted the file (“hadoop fs -rm ./user/test/test.txt”). With the right permissions i havn’t do this.

I do this Test with the same file in the UNIX-Filesystem and there the Deletion failed. This is the right behavior I expected in HDFS.

I used the HDP 2.3 Sandbox with default configuration.

Had anyone the same behavior or did I a mistake?

1 ACCEPTED SOLUTION

Accepted Solutions

Re: HDFS File Permissions

Contributor

Before Ranger was integrated with Sandbox, the dfs.perm in Sandbox was set to false. The reason was to allow Hue and some other use cases to create databases and tables. After Ranger was integrated, we emulated the same behavior by creating a global policy to allow everyone. If they go through the Sandbox Security tutorials, the first step is to disable the global policy (for each component). If you disable the global HDFS policy in Ranger which allows everyone, then you should see what you expect from HDFS security permissions.

1 REPLY 1

Re: HDFS File Permissions

Contributor

Before Ranger was integrated with Sandbox, the dfs.perm in Sandbox was set to false. The reason was to allow Hue and some other use cases to create databases and tables. After Ranger was integrated, we emulated the same behavior by creating a global policy to allow everyone. If they go through the Sandbox Security tutorials, the first step is to disable the global policy (for each component). If you disable the global HDFS policy in Ranger which allows everyone, then you should see what you expect from HDFS security permissions.