Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search

HDFS file/dir ownership to be <user>:<corresponding_group> in stead of <user>:supergroup

avatar
author-rank banshidhar_saho
Contributor

Created on ‎11-04-2020 04:50 AM - last edited on ‎11-04-2020 05:08 AM by Community Manager Community Manager

Hi All,

 

In our CDP 7.1.2 cluster, default ownership of any file or directory is <user>and supergroup.

One application team wants their data owner group to be their own group in stead of supergroup.

 

for example:

 

Let the app team user is 'abc' and group is 'abc'.

Currently owner and group for any file/dir in HDFS is abc:supergroup.

They want it to be abc:abc.

 

Please suggest how to achieve this so that any new file created by abc user will have ownership as abc:abc.

 

Regards,

Banshi. 

 

8,335 Views
0 Kudos
8 REPLIES 8

avatar
author-rank tusharkathpal author-rank
Expert Contributor

Created ‎11-04-2020 06:51 AM

@banshidhar_saho 

 

This is the expected behavior as in Hadoop there are no groups based on user name. It does not use the OS level groups, instead it inherits it from parent directory. The reason is that group resolution happens on NameNode where groups related to the user may not exist.

 

To fix the case in your environment, modify the owner of the parent directory. This will cause new files to use the correct group.
Run:-->hdfs dfs -chown -R username:groupname <PATH to DIR>
This will recursively change the owner and group for the given <PATH>. (Note: do this with hdfs user)

 

You can further use acls' to ensure the groups you are trying have access to it.

 

hdfs dfs -setfacl -m default:group:<group-name>:rwx <Path>

 

Let me know if this helps

8,320 Views

avatar
author-rank banshidhar_saho
Contributor

Created ‎11-04-2020 08:30 AM

Hi @tusharkathpal ,

 

Thank you very much. I tested it. It worked for ownership.

 

I want 750 permission on the directory recursively.

However it's not reflecting in case of new file.

 

Is there a way to do that? Idea is to restrict 'others' from accessing the file/dir.

 

Regards,

Banshi.

8,315 Views
0 Kudos

avatar
author-rank tusharkathpal author-rank
Expert Contributor

Created ‎11-04-2020 08:51 AM

Hey @banshidhar_saho 

 

Glad to hear it works.

 

regarding permission, it depends upon acl permissions you give. In the previous comment I had updated rwx for group. You can set it something for "other"

 

hdfs dfs -setfacl -m default:group:<group-name>:rwx <Path>

 

hdfs dfs -setfacl -m default:other::- <path>

 

Can you try the above and update if it works.

8,312 Views

avatar
author-rank Shelton
Master Mentor

Created on ‎11-04-2020 11:40 AM - edited ‎11-04-2020 11:59 AM

@banshidhar_saho 

If you want to restrict the [others] you will need to apply POSIX permission on the file/directory look at the below examples

 

Below gives read and execute to [others]

 

$ hdfs dfs -setfacl -m others::r-x /path/to/dir

 

Below gives read to [others]

 

$ hdfs dfs -setfacl -m others::r-- /path/to/dir

 

Below gives no permissions to [others]

 

$ hdfs dfs -setfacl -m others::--- /path/to/dir

 

After the changes to validate run this snippet that should show it's set and to prove as [others]

 

$ hdfs dfs -getfacl /path/to/dir

 

 

try to list files in the directory 

Happy hadooping

8,305 Views

avatar
author-rank banshidhar_saho
Contributor

Created ‎11-04-2020 11:02 PM

Hi @Shelton,

 

Thank you very much for sharing the exact commands.

 

Only thing that needs to change in the shared commands is - others should be other

Here is the command that worked for me.

 

$ hdfs dfs -setfacl -m other::--- /path/to/dir

 

Regards,

Banshi.

8,282 Views
0 Kudos

avatar
author-rank Shelton
Master Mentor

Created ‎11-04-2020 11:16 PM

@banshidhar_saho 

 

Surely that was I typo error I am happy that it worked for you. If you feel that helped you solve the issue you have, it would be great to accept it as an answer so the thread can be marked a solution for other members to reference.

 

Happy hadooping

8,280 Views
0 Kudos

avatar
author-rank VidyaSargur author-rank
Community Manager

Created ‎11-05-2020 02:04 AM

Hi @banshidhar_saho , I'm happy to see you resolved your issue. Can you please mark the appropriate reply as the solution? It will surely make it easier for others to find the answer in the future.


Regards,

Vidya Sargur,
Community Manager

Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
Learn more about the Cloudera Community:
8,275 Views
0 Kudos

avatar
author-rank banshidhar_saho
Contributor

Created ‎11-05-2020 10:32 AM

Hi Team,

 

Thank you very much for promptly responding and providing useful solution/direction.

 

While testing, app team reported that child dir/files are having r-x (for dir) and r--(files) for Others.

Looks like ACL are not getting inherited to child dir and files.

 

Can you confirm if ACL should inherit to child dir and files or not?

Is there any other configuration that I need to check and modify?

 

Regards,

Banshi.

8,262 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements