Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Announcements
Celebrating as our community reaches 100,000 members! Thank you!
Solved Go to solution

How can I configure NiFi to PutHDFS as a user other than the user NiFi is running as?

Labels:
avatar
author-rank rgelhausen
Guru

Created ‎08-17-2016 04:59 PM

This is a kerberized instance of HDFS. Is it possible for flowfiles themselves to specify the HDFS user, or only on a per processor basis?

Some of our use cases call for allowing business users to define their own ingest streams and push to varying HDFS directories owned by different users, and generating and distributing keytabs to business users seems less than appealing.

3,500 Views
1 ACCEPTED SOLUTION

avatar
author-rank emaxwell author-rank
Guru

Created ‎08-17-2016 05:22 PM

@Randy Gelhausen

You can set the "Remote Owner" attribute to the user you want to own the files in HDFS. You can set "Remote Group" as well. Both of these are at the processor level and do not support Expression Language, so you'd have to set them for the processor. You could use a RouteOnAttribute processor to determine which user should own the files in HDFS and route the flow to the proper PutHDFS processor, but this will be more cumbersome than distributing keytabs to the users.

In a secure environment, the users would likely need to have their keytab to write to HDFS anyway since you'd have to authenticate somehow and there's not a way presently to pass a Kerberos ticket to NiFi.

View solution in original post

1,741 Views
2 REPLIES 2

avatar
author-rank emaxwell author-rank
Guru

Created ‎08-17-2016 05:22 PM

@Randy Gelhausen

You can set the "Remote Owner" attribute to the user you want to own the files in HDFS. You can set "Remote Group" as well. Both of these are at the processor level and do not support Expression Language, so you'd have to set them for the processor. You could use a RouteOnAttribute processor to determine which user should own the files in HDFS and route the flow to the proper PutHDFS processor, but this will be more cumbersome than distributing keytabs to the users.

In a secure environment, the users would likely need to have their keytab to write to HDFS anyway since you'd have to authenticate somehow and there's not a way presently to pass a Kerberos ticket to NiFi.

1,742 Views

avatar
author-rank rgelhausen
Guru

Created ‎08-17-2016 09:08 PM

Thanks for the suggestions. On further thought, what about using a single PutHDFS with Directory set by flowfiles.

Ranger HDFS permissions are set to allow the NiFi user to write to specific ingest directories, and downstream consumers should have Ranger HDFS read permissions on the ingest directories necessary for their application.

1,741 Views
0 Kudos
webinar banner
Announcements
Product Announcements
[ANNOUNCE] Cloudera on Public Cloud Runtime 7.2.18 is GA!
What's New @ Cloudera
Cloudera Operational Database (COD) supports enhancements to...
Community Announcements
March 2024 Community Highlights
Community Announcements
Celebrating 100,000 Members: A Journey of Growth and Connect...
Product Announcements
[ANNOUNCE] New Cloudera JDBC Connector for Apache Hive 2.6.2...
View More Announcements
meetups banner