Hue creates home directory with wrong permissions

Explorer

Hi, All

 

Hue creates the user home directory in HDFS, /user/<username>, when the user logs in for the first time.

The permissions, as far as I understand, should be <user>:<user> on this directory, but in my case it does something else.

For example, it created this for the user a.dekanovich:

drwxr-xr-x   - loader               supergroup                0 2018-05-30 14:59 /user/a.dekanovich

while it should be owned by a.dekanovich:a.dekanovich.

 

Some log mining shows that it attempted to create the directory as the user loader, and then it couldn't do a chown, as loader is not allowed to do it:

Audit log

2018-05-30 14:21:42,032 INFO FSNamesystem.audit: allowed=true   ugi=a.dekanovich (auth:PROXY) via httpfs (auth:SIMPLE)  ip=/10.218.70.10        cmd=getfileinfo src=/user/a.dekanovich  dst=null  perm=null       proto=rpc
2018-05-30 14:21:42,075 INFO FSNamesystem.audit: allowed=true   ugi=loader (auth:PROXY) via httpfs (auth:SIMPLE)        ip=/10.218.70.10        cmd=mkdirs      src=/user/a.dekanovich  dst=null  perm=loader:bigdata:rwxr-xr-x   proto=rpc
2018-05-30 14:21:42,101 INFO FSNamesystem.audit: allowed=true   ugi=loader (auth:PROXY) via httpfs (auth:SIMPLE)        ip=/10.218.70.10        cmd=setPermission       src=/user/a.dekanovich    dst=null        perm=loader:bigdata:rwxr-xr-x   proto=rpc
2018-05-30 14:21:42,122 INFO FSNamesystem.audit: allowed=false  ugi=loader (auth:PROXY) via httpfs (auth:SIMPLE)        ip=/10.218.70.10        cmd=setOwner    src=/user/a.dekanovich  dst=null  perm=null       proto=rpc

Namenode log:

2018-05-30 14:21:42,122 WARN org.apache.hadoop.security.UserGroupInformation: PriviledgedActionException as:loader (auth:PROXY) via httpfs (auth:SIMPLE) cause:org.apache.hadoop.security.AccessControlException: Non-super user cannot change owner
2018-05-30 14:21:42,122 INFO org.apache.hadoop.ipc.Server: IPC Server handler 3 on 8020, call org.apache.hadoop.hdfs.protocol.ClientProtocol.setOwner from 10.218.70.10:33488 Call#8443 Retry#0: org.apache.hadoop.security.AccessControlException: Non-super user cannot change owner

WTF is going on? The Hue service is using the hue Unix user, so where does it get the loader user from?
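
The mismatch found by hand in the audit log above can be checked mechanically. The following is an added example, not part of the original post: it parses the four audit lines quoted above (whitespace normalised) and flags a /user/<name> directory created by a different effective user, or a denied setOwner on it. The function names are illustrative.

```python
import re

# The four FSNamesystem.audit lines from the post, whitespace normalised.
AUDIT = """\
2018-05-30 14:21:42,032 INFO FSNamesystem.audit: allowed=true ugi=a.dekanovich (auth:PROXY) via httpfs (auth:SIMPLE) ip=/10.218.70.10 cmd=getfileinfo src=/user/a.dekanovich dst=null perm=null proto=rpc
2018-05-30 14:21:42,075 INFO FSNamesystem.audit: allowed=true ugi=loader (auth:PROXY) via httpfs (auth:SIMPLE) ip=/10.218.70.10 cmd=mkdirs src=/user/a.dekanovich dst=null perm=loader:bigdata:rwxr-xr-x proto=rpc
2018-05-30 14:21:42,101 INFO FSNamesystem.audit: allowed=true ugi=loader (auth:PROXY) via httpfs (auth:SIMPLE) ip=/10.218.70.10 cmd=setPermission src=/user/a.dekanovich dst=null perm=loader:bigdata:rwxr-xr-x proto=rpc
2018-05-30 14:21:42,122 INFO FSNamesystem.audit: allowed=false ugi=loader (auth:PROXY) via httpfs (auth:SIMPLE) ip=/10.218.70.10 cmd=setOwner src=/user/a.dekanovich dst=null perm=null proto=rpc
"""

# key=value pairs; a value runs until the next " key=" or end of line,
# so the multi-word ugi value stays in one piece.
FIELD = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|\s*$)")
HOME = re.compile(r"^/user/([^/]+)$")


def parse(line):
    """Split one audit line into its fields plus effective/real user."""
    rec = dict(FIELD.findall(line))
    # ugi looks like "<effective> (auth:PROXY) via <real> (auth:SIMPLE)"
    parts = rec.get("ugi", "").split(" via ")
    rec["effective"] = parts[0].split(" (")[0]
    rec["real"] = parts[1].split(" (")[0] if len(parts) > 1 else None
    return rec


def home_dir_findings(text):
    """Return (finding, home_dir_name, effective_user) tuples."""
    findings = []
    for line in text.splitlines():
        if "FSNamesystem.audit" not in line:
            continue
        rec = parse(line)
        m = HOME.match(rec.get("src", ""))
        if not m:
            continue
        name = m.group(1)
        if rec.get("cmd") == "mkdirs" and rec["effective"] != name:
            findings.append(("created-by-other", name, rec["effective"]))
        elif rec.get("cmd") == "setOwner" and rec.get("allowed") == "false":
            findings.append(("chown-denied", name, rec["effective"]))
    return findings


if __name__ == "__main__":
    for finding in home_dir_findings(AUDIT):
        print(finding)
```
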

2 REPLIES

Explorer

I am also getting the same issue.

I deleted the user directory /user/dhagmah from HDFS and then tried to create it from Hue.
It got created, but with 'nobody' as owner.

I am not sure how it is taking these user ids. 

In CDH 5.16.1 I don't see any error in the logs.

Logs below (kuaksha is my user ID, with which I tried the operation from Hue):

[24/Mar/2021 13:26:32 ] resource     DEBUG    PUT //user/dhagmah Got response in 32ms: {"boolean":true}

[24/Mar/2021 13:26:32 ] resource     DEBUG    PUT //user/dhagmah Got response in 11ms:

[24/Mar/2021 13:26:32 ] access       INFO     10.65.159.166 kuaksha - "POST /useradmin/users/edit/dhagmah HTTP/1.1" returned in 262ms (mem: 1524mb)

[24/Mar/2021 13:26:32 ] middleware   DEBUG    {"username": "kuaksha", "impersonator": "hue", "eventTime": 1616588792181, "operationText": "Edited User with username: dhagmah", "service": "useradmin", "url": "/useradmin/users/edit/dhagmah", "allowed": true, "operation": "EDIT_USER", "ipAddress": "10.65.159.166"}

[24/Mar/2021 13:26:41 ] access       INFO     10.65.159.166 kuaksha - "GET /useradmin/users HTTP/1.1" returned in 8801ms (mem: 1531mb)

 

Directory created:

-bash-4.2$ hdfs dfs -ls /user | grep dhagmah
drwxr-xr-x - nobody ACE-S-FRA-SDL-UAT-ALL 0 2021-03-24 13:26 /user/dhagmah

Whereas in the CDP Private Cloud 7.1.5 cluster, I get doas mentioned in the logs as some user with which the folder is getting created there:

You can notice doas in the logs below as vc_sdl_uat_lake, with which the folder got created after the operation completed, but the actual owner should be 'singmee'. (kuaksha is my user ID, with which I tried the operation in Hue.)

 

[24/Mar/2021 11:31:52 +0000] kerberos_    DEBUG    handle_other(): Handling: 404

[24/Mar/2021 11:31:52 +0000] kerberos_    DEBUG    handle_other(): returning <Response [404]>

[24/Mar/2021 11:31:52 +0000] kerberos_    DEBUG    handle_response(): returning <Response [404]>

[24/Mar/2021 11:31:52 +0000] resource     ERROR    Error logging return call GET https://frafasleutappu9.de.db.com:14000/webhdfs/v1

Traceback (most recent call last):

  File "/opt/cloudera/parcels/CDH-7.1.5-1.cdh7.1.5.p0.7431829/lib/hue/desktop/core/src/desktop/lib/rest/resource.py", line 122, in _invoke

    resp_content = smart_unicode(resp.content, errors='replace')

AttributeError: 'NoneType' object has no attribute 'content'

[24/Mar/2021 11:31:52 +0000] resource     INFO     SLOW: 1.90 - GET https://frafasleutappu9.de.db.com:14000/webhdfs/v1 returned in 1ms

[24/Mar/2021 11:31:52 +0000] kerberos_    DEBUG    handle_other(): Handling: 200

[24/Mar/2021 11:31:52 +0000] kerberos_    DEBUG    handle_other(): returning <Response [200]>

[24/Mar/2021 11:31:52 +0000] kerberos_    DEBUG    handle_response(): returning <Response [200]>

[24/Mar/2021 11:31:52 +0000] resource     DEBUG    PUT <class 'requests_kerberos.kerberos_.HTTPKerberosAuth'> https://frafasleutappu9.de.db.com:14000/webhdfs/v1//user/singmee?permission=0770&op=MKDIRS&user.name... returned in 38ms 200 17 {"boolean":true}

[24/Mar/2021 11:31:52 +0000] kerberos_    DEBUG    handle_other(): Handling: 200

[24/Mar/2021 11:31:52 +0000] kerberos_    DEBUG    handle_other(): returning <Response [200]>

[24/Mar/2021 11:31:52 +0000] kerberos_    DEBUG    handle_response(): returning <Response [200]>

[24/Mar/2021 11:31:52 +0000] resource     DEBUG    PUT <class 'requests_kerberos.kerberos_.HTTPKerberosAuth'> https://frafasleutappu9.de.db.com:14000/webhdfs/v1//user/singmee?permission=0755&op=SETPERMISSION&us... returned in 11ms 200 0

[24/Mar/2021 11:31:52 +0000] kerberos_    DEBUG    handle_other(): Handling: 500

[24/Mar/2021 11:31:52 +0000] kerberos_    DEBUG    handle_other(): returning <Response [500]>

[24/Mar/2021 11:31:52 +0000] kerberos_    DEBUG    handle_response(): returning <Response [500]>

[24/Mar/2021 11:31:52 +0000] resource     ERROR    Error logging return call PUT https://frafasleutappu9.de.db.com:14000/webhdfs/v1

Traceback (most recent call last):

  File "/opt/cloudera/parcels/CDH-7.1.5-1.cdh7.1.5.p0.7431829/lib/hue/desktop/core/src/desktop/lib/rest/resource.py", line 122, in _invoke

    resp_content = smart_unicode(resp.content, errors='replace')

AttributeError: 'NoneType' object has no attribute 'content'

[24/Mar/2021 11:31:52 +0000] resource     DEBUG    PUT https://frafasleutappu9.de.db.com:14000/webhdfs/v1 returned in 0ms

[24/Mar/2021 11:31:52 +0000] access       INFO     10.65.159.166 kuaksha - "POST /useradmin/users/edit/singmee HTTP/1.1" returned in 1974ms 200 31 (mem: 306mb)

Please help me understand how it's taking different user IDs as the owner of the directories.

Master Collaborator

@akshay0103 

 

Please check the Hue.ini content under the field [useradmin]: are there any non-default permissions being used?

Are you adding the user using create home directory permissions?