Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

HDFS User to Group Mapping

avatar
author-rank Greg_D
Contributor

Created on ‎03-18-2016 02:26 PM - edited ‎09-16-2022 03:10 AM

On our clusters when a user creates an HDFS directory under /user/<username> the permissions are set as <username><username> instead of <username><user group>. 

 

We are using org.apache.hadoop.security.ShellBasedUnixGroupsMapping and we do have Kerberos enabled as well as LDAP authentication enabled for login. 

 

Is there a way to have the group ownership default to the user's group instead of the user name? 

3,231 Views
1 ACCEPTED SOLUTION

avatar
author-rank Harsh J author-rank
Mentor

Created ‎03-18-2016 03:10 PM

In HDFS, the permissions model for owner and group follow the BSD rule. The owner is set to the authenticated user, but the group is inherited from the parent directory. This is documented in the Permissions Guide: http://archive.cloudera.com/cdh5/cdh/5/hadoop/hadoop-project-dist/hadoop-hdfs/HdfsPermissionsGuide.h...

"""
When a file or directory is created, its owner is the user identity of the client process, and its group is the group of the parent directory (the BSD rule).
"""

The Group Mapping is purely used at the authorisation side, not at the creation side as you are expecting it to be.

Since your /user/username directory's group is by default the username itself, that's the value you will naturally see for all groups. If you'd like that changed, you will need to chgrp the /user/username directory to be username:user-group instead of username:username. Subsequent files will now be created with username:user-group under it.

View solution in original post

3,226 Views
1 REPLY 1

avatar
author-rank Harsh J author-rank
Mentor

Created ‎03-18-2016 03:10 PM

In HDFS, the permissions model for owner and group follow the BSD rule. The owner is set to the authenticated user, but the group is inherited from the parent directory. This is documented in the Permissions Guide: http://archive.cloudera.com/cdh5/cdh/5/hadoop/hadoop-project-dist/hadoop-hdfs/HdfsPermissionsGuide.h...

"""
When a file or directory is created, its owner is the user identity of the client process, and its group is the group of the parent directory (the BSD rule).
"""

The Group Mapping is purely used at the authorisation side, not at the creation side as you are expecting it to be.

Since your /user/username directory's group is by default the username itself, that's the value you will naturally see for all groups. If you'd like that changed, you will need to chgrp the /user/username directory to be username:user-group instead of username:username. Subsequent files will now be created with username:user-group under it.
3,227 Views
Announcements
What's New @ Cloudera
Cloudera DataFlow 2.9 now supports building GenAI pipelines ...
What's New @ Cloudera
Accelerate Data Scientist Productivity with Cloudera Copilot...
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics - Kubernetes Operato...
Community Announcements
October 2024 Community Highlights
What's New @ Cloudera
Accelerate Your AI with the Cloudera AI Inference Service wi...
View More Announcements