Hue creates home directory with wrong permissions

Explorer

Hi, All

Hue creates the user's home directory in HDFS at /user/<username> when the user logs in for the first time.

The permissions, as far as I understand, should be <user>:<user> on this directory, but in my case it does something else.

For example, it created this for the user a.dekanovich:

drwxr-xr-x   - loader               supergroup                0 2018-05-30 14:59 /user/a.dekanovich

while it should be owned by a.dekanovich:a.dekanovich

Some log mining shows that it attempted to create the directory as the user loader, and then it couldn't do a chown, as loader is not allowed to do it:

Audit log

2018-05-30 14:21:42,032 INFO FSNamesystem.audit: allowed=true   ugi=a.dekanovich (auth:PROXY) via httpfs (auth:SIMPLE)  ip=/10.218.70.10        cmd=getfileinfo src=/user/a.dekanovich  dst=null  perm=null       proto=rpc
2018-05-30 14:21:42,075 INFO FSNamesystem.audit: allowed=true   ugi=loader (auth:PROXY) via httpfs (auth:SIMPLE)        ip=/10.218.70.10        cmd=mkdirs      src=/user/a.dekanovich  dst=null  perm=loader:bigdata:rwxr-xr-x   proto=rpc
2018-05-30 14:21:42,101 INFO FSNamesystem.audit: allowed=true   ugi=loader (auth:PROXY) via httpfs (auth:SIMPLE)        ip=/10.218.70.10        cmd=setPermission       src=/user/a.dekanovich    dst=null        perm=loader:bigdata:rwxr-xr-x   proto=rpc
2018-05-30 14:21:42,122 INFO FSNamesystem.audit: allowed=false  ugi=loader (auth:PROXY) via httpfs (auth:SIMPLE)        ip=/10.218.70.10        cmd=setOwner    src=/user/a.dekanovich  dst=null  perm=null       proto=rpc

Namenode log:

2018-05-30 14:21:42,122 WARN org.apache.hadoop.security.UserGroupInformation: PriviledgedActionException as:loader (auth:PROXY) via httpfs (auth:SIMPLE) cause:org.apache.hadoop.security.AccessControlException: Non-super user cannot change owner
2018-05-30 14:21:42,122 INFO org.apache.hadoop.ipc.Server: IPC Server handler 3 on 8020, call org.apache.hadoop.hdfs.protocol.ClientProtocol.setOwner from 10.218.70.10:33488 Call#8443 Retry#0: org.apache.hadoop.security.AccessControlException: Non-super user cannot change owner

WTF is going on? The Hue service is using the hue unix user, where does it get the loader user from?
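
A way to pull this pattern out of an HDFS audit log, as an added example that is not part of the original post: it parses FSNamesystem.audit lines in the format quoted above and reports home directories under /user created by an effective user other than the directory's name, plus denied setOwner calls on them. The function names and finding labels are assumptions made for illustration.

```python
import re

# One FSNamesystem.audit record; "via <proxy>" is present when the call is impersonated.
AUDIT_RE = re.compile(
    r"allowed=(?P<allowed>true|false)\s+"
    r"ugi=(?P<user>\S+)\s+\(auth:\w+\)(?:\s+via\s+(?P<proxy>\S+)\s+\(auth:\w+\))?\s+"
    r"ip=/(?P<ip>\S+)\s+cmd=(?P<cmd>\S+)\s+src=(?P<src>\S+)\s+"
    r"dst=(?P<dst>\S+)\s+perm=(?P<perm>\S+)"
)
# Only the home directory itself (/user/<name>), not paths below it.
HOME_RE = re.compile(r"^/user/(?P<name>[^/]+)/?$")


def parse(line):
    """Return the audit fields as a dict, or None if the line is not an audit record."""
    m = AUDIT_RE.search(line)
    return m.groupdict() if m else None


def home_dir_findings(lines):
    """Flag home dirs created by a different effective user, and denied chowns on them."""
    findings = []
    for line in lines:
        rec = parse(line)
        home = HOME_RE.match(rec["src"]) if rec else None
        if home is None:
            continue
        name = home.group("name")
        if rec["cmd"] == "mkdirs" and rec["allowed"] == "true" and rec["user"] != name:
            findings.append(("created_as_other_user", name, rec["user"], rec["proxy"]))
        elif rec["cmd"] == "setOwner" and rec["allowed"] == "false":
            findings.append(("chown_denied", name, rec["user"], rec["proxy"]))
    return findings


# The four audit lines quoted in the post, timestamps dropped and whitespace collapsed.
_VIA = "(auth:PROXY) via httpfs (auth:SIMPLE) ip=/10.218.70.10"
_SRC = "src=/user/a.dekanovich dst=null"
_PERM = "perm=loader:bigdata:rwxr-xr-x proto=rpc"
SAMPLE = [
    f"allowed=true ugi=a.dekanovich {_VIA} cmd=getfileinfo {_SRC} perm=null proto=rpc",
    f"allowed=true ugi=loader {_VIA} cmd=mkdirs {_SRC} {_PERM}",
    f"allowed=true ugi=loader {_VIA} cmd=setPermission {_SRC} {_PERM}",
    f"allowed=false ugi=loader {_VIA} cmd=setOwner {_SRC} perm=null proto=rpc",
]

if __name__ == "__main__":
    for finding in home_dir_findings(SAMPLE):
        print(finding)
```

A `created_as_other_user` finding on its own also matches an administrator pre-creating home directories; it is the pairing with `chown_denied` for the same path that marks a directory left with the wrong owner.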

2 REPLIES

Explorer

I am also getting the same issue.

I deleted the user directory /user/dhagmah from HDFS and then tried to create it from Hue.
It got created, but with 'nobody' as owner.

I am not sure how it is taking these user IDs.

In CDH 5.16.1 I don't see any error in the logs.

Logs below (kuaksha is my user ID, with which I tried the operation from Hue):

[24/Mar/2021 13:26:32 ] resource     DEBUG    PUT //user/dhagmah Got response in 32ms: {"boolean":true}

[24/Mar/2021 13:26:32 ] resource     DEBUG    PUT //user/dhagmah Got response in 11ms:

[24/Mar/2021 13:26:32 ] access       INFO     10.65.159.166 kuaksha - "POST /useradmin/users/edit/dhagmah HTTP/1.1" returned in 262ms (mem: 1524mb)

[24/Mar/2021 13:26:32 ] middleware   DEBUG    {"username": "kuaksha", "impersonator": "hue", "eventTime": 1616588792181, "operationText": "Edited User with username: dhagmah", "service": "useradmin", "url": "/useradmin/users/edit/dhagmah", "allowed": true, "operation": "EDIT_USER", "ipAddress": "10.65.159.166"}

[24/Mar/2021 13:26:41 ] access       INFO     10.65.159.166 kuaksha - "GET /useradmin/users HTTP/1.1" returned in 8801ms (mem: 1531mb)

Directory created:

-bash-4.2$ hdfs dfs -ls /user | grep dhagmah
drwxr-xr-x - nobody ACE-S-FRA-SDL-UAT-ALL 0 2021-03-24 13:26 /user/dhagmah

Whereas in the CDP Private Cloud 7.1.5 cluster, I get doas mentioned in the logs as some user with which the folder is getting created there.

You can notice doas in the logs below as vc_sdl_uat_lake, with which the folder got created after the operation completed, but the actual owner should be 'singmee'. (kuaksha is my user ID, with which I tried the operation in Hue.)

[24/Mar/2021 11:31:52 +0000] kerberos_    DEBUG    handle_other(): Handling: 404

[24/Mar/2021 11:31:52 +0000] kerberos_    DEBUG    handle_other(): returning <Response [404]>

[24/Mar/2021 11:31:52 +0000] kerberos_    DEBUG    handle_response(): returning <Response [404]>

[24/Mar/2021 11:31:52 +0000] resource     ERROR    Error logging return call GET https://frafasleutappu9.de.db.com:14000/webhdfs/v1

Traceback (most recent call last):

  File "/opt/cloudera/parcels/CDH-7.1.5-1.cdh7.1.5.p0.7431829/lib/hue/desktop/core/src/desktop/lib/rest/resource.py", line 122, in _invoke

    resp_content = smart_unicode(resp.content, errors='replace')

AttributeError: 'NoneType' object has no attribute 'content'

[24/Mar/2021 11:31:52 +0000] resource     INFO     SLOW: 1.90 - GET https://frafasleutappu9.de.db.com:14000/webhdfs/v1 returned in 1ms

[24/Mar/2021 11:31:52 +0000] kerberos_    DEBUG    handle_other(): Handling: 200

[24/Mar/2021 11:31:52 +0000] kerberos_    DEBUG    handle_other(): returning <Response [200]>

[24/Mar/2021 11:31:52 +0000] kerberos_    DEBUG    handle_response(): returning <Response [200]>

[24/Mar/2021 11:31:52 +0000] resource     DEBUG    PUT <class 'requests_kerberos.kerberos_.HTTPKerberosAuth'> https://frafasleutappu9.de.db.com:14000/webhdfs/v1//user/singmee?permission=0770&op=MKDIRS&user.name... returned in 38ms 200 17 {"boolean":true}

[24/Mar/2021 11:31:52 +0000] kerberos_    DEBUG    handle_other(): Handling: 200

[24/Mar/2021 11:31:52 +0000] kerberos_    DEBUG    handle_other(): returning <Response [200]>

[24/Mar/2021 11:31:52 +0000] kerberos_    DEBUG    handle_response(): returning <Response [200]>

[24/Mar/2021 11:31:52 +0000] resource     DEBUG    PUT <class 'requests_kerberos.kerberos_.HTTPKerberosAuth'> https://frafasleutappu9.de.db.com:14000/webhdfs/v1//user/singmee?permission=0755&op=SETPERMISSION&us... returned in 11ms 200 0

[24/Mar/2021 11:31:52 +0000] kerberos_    DEBUG    handle_other(): Handling: 500

[24/Mar/2021 11:31:52 +0000] kerberos_    DEBUG    handle_other(): returning <Response [500]>

[24/Mar/2021 11:31:52 +0000] kerberos_    DEBUG    handle_response(): returning <Response [500]>

[24/Mar/2021 11:31:52 +0000] resource     ERROR    Error logging return call PUT https://frafasleutappu9.de.db.com:14000/webhdfs/v1

Traceback (most recent call last):

  File "/opt/cloudera/parcels/CDH-7.1.5-1.cdh7.1.5.p0.7431829/lib/hue/desktop/core/src/desktop/lib/rest/resource.py", line 122, in _invoke

    resp_content = smart_unicode(resp.content, errors='replace')

AttributeError: 'NoneType' object has no attribute 'content'

[24/Mar/2021 11:31:52 +0000] resource     DEBUG    PUT https://frafasleutappu9.de.db.com:14000/webhdfs/v1 returned in 0ms

[24/Mar/2021 11:31:52 +0000] access       INFO     10.65.159.166 kuaksha - "POST /useradmin/users/edit/singmee HTTP/1.1" returned in 1974ms 200 31 (mem: 306mb)

Please help me understand how it's taking different user IDs as owner of directories.

Master Collaborator

@akshay0103

Please check the Hue.ini content under the [useradmin] field: are there any non-default permissions being used?

Are you adding the user using create home directory permissions?