Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Hue creates home directory with wrong permissions

Highlighted

Hue creates home directory with wrong permissions

Explorer

Hi, All

 

Hue creates user home directory in hdfs /user/<username> when the user logs in first time.

The permissions as far as I understand should be <user>:<user> on this directory, but in my case it does something else/

For example it created this for the user a.dekanovich

drwxr-xr-x   - loader               supergroup                0 2018-05-30 14:59 /user/a.dekanovich

 while it should be owned by a.dekanovich:a.dekanovich

 

Some log mining shows that it attempted to create directory as the user loader and then it couldn't do a chown as loader is not allowed to do it :

Audit log

2018-05-30 14:21:42,032 INFO FSNamesystem.audit: allowed=true   ugi=a.dekanovich (auth:PROXY) via httpfs (auth:SIMPLE)  ip=/10.218.70.10        cmd=getfileinfo src=/user/a.dekanovich  dst=null  perm=null       proto=rpc
2018-05-30 14:21:42,075 INFO FSNamesystem.audit: allowed=true   ugi=loader (auth:PROXY) via httpfs (auth:SIMPLE)        ip=/10.218.70.10        cmd=mkdirs      src=/user/a.dekanovich  dst=null  perm=loader:bigdata:rwxr-xr-x   proto=rpc
2018-05-30 14:21:42,101 INFO FSNamesystem.audit: allowed=true   ugi=loader (auth:PROXY) via httpfs (auth:SIMPLE)        ip=/10.218.70.10        cmd=setPermission       src=/user/a.dekanovich    dst=null        perm=loader:bigdata:rwxr-xr-x   proto=rpc
2018-05-30 14:21:42,122 INFO FSNamesystem.audit: allowed=false  ugi=loader (auth:PROXY) via httpfs (auth:SIMPLE)        ip=/10.218.70.10        cmd=setOwner    src=/user/a.dekanovich  dst=null  perm=null       proto=rpc

Namenode log:

2018-05-30 14:21:42,122 WARN org.apache.hadoop.security.UserGroupInformation: PriviledgedActionException as:loader (auth:PROXY) via httpfs (auth:SIMPLE) cause:org.apache.hadoop.security.AccessControlException: Non-super user cannot change owner
2018-05-30 14:21:42,122 INFO org.apache.hadoop.ipc.Server: IPC Server handler 3 on 8020, call org.apache.hadoop.hdfs.protocol.ClientProtocol.setOwner from 10.218.70.10:33488 Call#8443 Retry#0: org.apache.hadoop.security.AccessControlException: Non-super user cannot change owner

WTF is going on? The HUE service is usung the hue unix user , where does it get the loader user from ?