Created 05-17-2023 07:27 PM
I'm following a guide on installing Kerberos on a Cloudera cluster, and things went fine. There is a step at the end that sets up a superuser, as in this link
I changed the config in the HDFS conf as the guide said, and added a Kerberos principal with the name "vega".
But when I executed commands like:
kinit -k -t /opt/kerberos/vega.keytab vega@BI.VEGA.COM (get tgt for "superuser" vega)
hadoop fs -chmod -R 771 /user/hive/warehouse
I still got a permission error with user "vega", which is a "superuser":
chmod: Permission denied: user=vega, access=READ_EXECUTE, inode="/user/hive/warehouse":hive:hive:drwxrwx--x
If I add "sudo -u hdfs" before the command, like some guides on the internet said, I get a Kerberos error:
23/05/18 09:11:57 WARN ipc.Client: Exception encountered while connecting to the server : org.apache.hadoop.security.AccessControlException: Client cannot authenticate via:[TOKEN, KERBEROS]
chmod: Failed on local exception: java.io.IOException: org.apache.hadoop.security.AccessControlException: Client cannot authenticate via:[TOKEN, KERBEROS]; Host Details : local host is: "data-node01.vega.com/172.25.0.103"; destination host is: "data-node01.vega.com":8020;
I thought that "superuser" means that I can do anything. Even the Cloudera guide said the superuser is the replacement for the "sudo -u hdfs" command when Kerberos is enabled. Why do I still get a bunch of permission/Kerberos errors after setting up the "superuser"?
When you enabled Kerberos for the HDFS service, you lost access to the default HDFS superuser account using sudo -u hdfs commands. Cloudera recommends you use a different user account as the superuser, not the default hdfs account
Created 05-31-2023 05:58 AM
Hi,
-> Have you tried restarting namenodes after adding the group name?
-> The property name is "Superuser Group". Is "vega" a username or a group name? If it is a username, make sure there is a "vega" group as well, which the "vega" user is part of, and give it a try again.
Regards,
Chethan YM
Created 06-05-2023 07:48 PM
Oh, I don't have user vega and group vega in my local OS at all
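
The check suggested in the reply above, as an added example that is not part of the original thread: it maps the Kerberos principal to its short name and tests whether that OS user belongs to the configured superuser group on the NameNode host. The function names are hypothetical, and it assumes the default OS-based group mapping (not LDAP) and the default auth_to_local rule.

```shell
#!/usr/bin/env bash
# Added diagnostic sketch, not from the thread. Run it on the NameNode host:
# with the default group mapping, HDFS resolves groups from that host's OS.

# Kerberos principal -> short name, e.g. vega@BI.VEGA.COM -> vega.
# Assumption: the default auth_to_local rule (strip instance and realm).
principal_short_name() {
  local p="${1%%@*}"
  printf '%s\n' "${p%%/*}"
}

# 0 = OS user $1 is in OS group $2, 1 = user exists but is not in the group,
# 2 = no such OS user on this host.
os_user_in_group() {
  local glist g
  glist="$(id -Gn "$1" 2>/dev/null)" || return 2
  for g in $glist; do
    if [ "$g" = "$2" ]; then return 0; fi
  done
  return 1
}

# Check principal $1 against superuser group $2. When $2 is omitted, the
# group is read from the local client config if the hdfs CLI is installed.
check_superuser() {
  local user group rc=0
  user="$(principal_short_name "$1")"
  group="${2:-}"
  if [ -z "$group" ] && command -v hdfs >/dev/null 2>&1; then
    group="$(hdfs getconf -confKey dfs.permissions.superusergroup 2>/dev/null)" || group=""
  fi
  if [ -z "$group" ]; then echo "superuser group unknown"; return 3; fi
  os_user_in_group "$user" "$group" || rc=$?
  case $rc in
    0) echo "OK: $user is in group $group" ;;
    1) echo "FAIL: OS user $user exists but is not in group $group" ;;
    2) echo "FAIL: no OS user $user on this host" ;;
  esac
  return "$rc"
}

# Example call with the principal from the thread; the group name "vega" is
# an assumption, the thread does not say what the Superuser Group is set to:
# check_superuser vega@BI.VEGA.COM vega
```

`hdfs groups vega` shows the groups the NameNode itself resolves for the user, which is the authoritative view if the host you run this on differs from the NameNode.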