Created 03-14-2016 07:52 AM
Tried creating superuser same as hdfs as given in link - https://hadoop.apache.org/docs/current/hadoop-project-dist/hadoop-hdfs/HdfsPermissionsGuide.html#The... , but it's not working.
I tried setting property "dfs.permissions.superusergroup = <newgroup>" but it's not working.
Can anyone please let me know if this was tested working successfully?
Created 03-14-2016 04:42 PM
Hello @Sagar Shimpi.
Yes, this has been tested successfully. After changing dfs.permissions.superusergroup in hdfs-site.xml, it would require a NameNode restart for the change to take effect. If this cluster uses NameNode HA with QuorumJournalManager, then both NameNodes need to be restarted.
If that still doesn't work, then a helpful troubleshooting step would be to try running "hdfs groups <username>", where <username> is the user that you have added to the group that you want to be the HDFS supergroup. This command will print out a list of that user's group memberships, as perceived by the NameNode. If the list does not show your configured supergroup, then this indicates there is some kind of misconfiguration. Perhaps the user has not really been added to the group, or perhaps there is some custom group mapping in effect for your cluster that is not behaving as expected. More information on how group mapping works is available here:
Created 03-14-2016 08:12 AM
This might help, take a look at the post from https://martin.atlassian.net/wiki/pages/viewpage.action?pageId=27885570 @Lester Martin
Created 03-14-2016 08:43 AM
@Jonas Straub I tried the link too, but still no luck.
Created 03-16-2016 11:08 AM
Hi @Chris Nauroth.
I changed the dfs.permissions.superusergroup in /etc/hadoop/2.3.2.0-2950/0/hdfs-site.xml.
Then I restarted all components for HDFS from the Ambari view. It appears that the change I had made in hdfs-site.xml has vanished. Am I doing it wrong or something?
Created 03-16-2016 05:12 PM
Try to change the parameter through Ambari. Go to HDFS -> Config and search for dfs.permissions.superusergroup
Ambari stores the configuration in a database which is the truth of configuration. If you directly modify configuration files that are managed by Ambari, it will update the file and delete your modification at service restart. See this link doc
Created 03-16-2016 11:32 AM
It worked for me. My mistake was I was putting the value of dfs.permissions.superusergroup as comma separated values.
Now I removed the default value "hdfs" and replaced it with my new group and it worked.
1 final question - I see every time I replace the group in property "dfs.permissions.superusergroup", whoever the users within that group are, they are superusers now. For example -
group1- hdfs1 (user - test1)
group2- hdfs2 (user - test2)
group3- hdfs3 (user - test3)
1st time I had the value of "dfs.permissions.superusergroup=hdfs1", and restarted hdfs. User "test1" was assigned/given rights as superuser.
2nd time I had the value of "dfs.permissions.superusergroup=hdfs2", and restarted hdfs. User "test2" was assigned/given rights as superuser.
3rd time I had the value of "dfs.permissions.superusergroup=hdfs3", and restarted hdfs. User "test3" was assigned/given rights as superuser.
Thus users (test1, test2, and test3) are now acting as my superusers and have the same privileges as hdfs.
So now if I want to revoke the rights, what is the way to do that?
Created 03-17-2016 10:33 PM
@Sagar Shimpi, the NameNode will not persist or otherwise remember who is a super-user or a member of the super-group across process restarts. In your example, after setting dfs.permissions.superusergroup=hdfs3 and restarting the NameNode, only members of the hdfs3 group (i.e. user test3) would have super-user rights. (Also, the user ID that launched the NameNode process is always the super-user. That part is not changed by configuration.)
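The two checks discussed in this thread (the value of dfs.permissions.superusergroup and the group memberships printed by "hdfs groups") can be combined into a small audit, shown here as an added example that is not part of any post above. The sample hdfs-site.xml, the sample command output and its `user : group1 group2` line format, and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

PROP = "dfs.permissions.superusergroup"

# Constructed sample inputs, mirroring the groups named in the thread.
SAMPLE_SITE_XML = """<configuration>
  <property>
    <name>dfs.permissions.superusergroup</name>
    <value>hdfs3</value>
  </property>
</configuration>"""

SAMPLE_GROUPS_OUTPUT = """test1 : users hdfs1
test2 : users hdfs2
test3 : users hdfs3
"""

def configured_supergroup(site_xml, default="supergroup"):
    """Return (group, problems) for the supergroup property in hdfs-site.xml text."""
    root = ET.fromstring(site_xml)
    values = [p.findtext("value", "").strip() for p in root.iter("property")
              if p.findtext("name", "").strip() == PROP]
    if not values:
        return default, []  # property absent: Hadoop's built-in default applies
    problems = []
    if len(values) > 1:
        problems.append("property is defined more than once")
    value = values[-1]
    if "," in value or " " in value:
        # The mistake reported in the thread: a list where one group name is expected.
        problems.append("value looks like a list; the property names a single group")
    return value, problems

def parse_groups(output):
    """Parse 'user : group1 group2' lines (assumed `hdfs groups` output format)."""
    members = {}
    for line in output.splitlines():
        user, sep, groups = line.partition(":")
        if sep:
            members[user.strip()] = groups.split()
    return members

def superusers(site_xml, groups_output):
    """Users whose NameNode-resolved groups include the configured supergroup.
    The account that launched the NameNode is a super-user as well and is not listed."""
    group, problems = configured_supergroup(site_xml)
    users = sorted(u for u, g in parse_groups(groups_output).items() if group in g)
    return group, users, problems

if __name__ == "__main__":
    print(superusers(SAMPLE_SITE_XML, SAMPLE_GROUPS_OUTPUT))
```

On a live cluster the first argument would be the hdfs-site.xml that the NameNode actually loaded, and the second the collected output of "hdfs groups <username>" for each user under review.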