Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

HDFS User to Group Mapping

avatar
author-rank Greg_D
Contributor

Created on ‎03-18-2016 02:26 PM - edited ‎09-16-2022 03:10 AM

On our clusters when a user creates an HDFS directory under /user/<username> the permissions are set as <username><username> instead of <username><user group>. 

 

We are using org.apache.hadoop.security.ShellBasedUnixGroupsMapping and we do have Kerberos enabled as well as LDAP authentication enabled for login. 

 

Is there a way to have the group ownership default to the user's group instead of the user name? 

3,246 Views
1 ACCEPTED SOLUTION

avatar
author-rank Harsh J author-rank
Mentor

Created ‎03-18-2016 03:10 PM

In HDFS, the permissions model for owner and group follow the BSD rule. The owner is set to the authenticated user, but the group is inherited from the parent directory. This is documented in the Permissions Guide: http://archive.cloudera.com/cdh5/cdh/5/hadoop/hadoop-project-dist/hadoop-hdfs/HdfsPermissionsGuide.h...

"""
When a file or directory is created, its owner is the user identity of the client process, and its group is the group of the parent directory (the BSD rule).
"""

The Group Mapping is purely used at the authorisation side, not at the creation side as you are expecting it to be.

Since your /user/username directory's group is by default the username itself, that's the value you will naturally see for all groups. If you'd like that changed, you will need to chgrp the /user/username directory to be username:user-group instead of username:username. Subsequent files will now be created with username:user-group under it.

View solution in original post

3,241 Views
1 REPLY 1

avatar
author-rank Harsh J author-rank
Mentor

Created ‎03-18-2016 03:10 PM

In HDFS, the permissions model for owner and group follow the BSD rule. The owner is set to the authenticated user, but the group is inherited from the parent directory. This is documented in the Permissions Guide: http://archive.cloudera.com/cdh5/cdh/5/hadoop/hadoop-project-dist/hadoop-hdfs/HdfsPermissionsGuide.h...

"""
When a file or directory is created, its owner is the user identity of the client process, and its group is the group of the parent directory (the BSD rule).
"""

The Group Mapping is purely used at the authorisation side, not at the creation side as you are expecting it to be.

Since your /user/username directory's group is by default the username itself, that's the value you will naturally see for all groups. If you'd like that changed, you will need to chgrp the /user/username directory to be username:user-group instead of username:username. Subsequent files will now be created with username:user-group under it.
3,242 Views
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements