Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Owner Group Write Permision to an HDFS path

avatar
author-rank Seaport
Expert Contributor

Created on ‎02-10-2020 09:05 AM - last edited on ‎02-10-2020 10:56 AM by Moderator

I have run the following test case several times and got the same result.
Context:
1. My HDP cluster uses the simple mode to determine user identity. Kerberos is not enabled.
2. Below is the permission on hdfs folder /data/test

 

drwxrwxr-x - hdfs hadoop 0 2020-02-07 13:33 /data/test

 

So hdfs (the super user) is the owner and hadoop is the owner group. Both the owner user and owner group has write permission on the /data/test folder.

Steps:

On an edge node, I used ID command to confirm that the logged on user "testuser" is in hadoop group.

 

$ id
uid=1018(testuser) gid=1003(hadoop) groups=1003(hadoop),10(wheel), 1002(hdfs) context=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

 

However, testuser still ran into "Permission Denied".

 

$ hadoop fs -put ./emptyfile1.txt /data/test
put: Permission denied: user=testuser, access=WRITE, inode="/data/test":hdfs:hadoop:drwxrwxr-x

 

Then I used hdfs account to changed the folder owner to be testuser.

 

 

$ hadoop fs -chown testuser /data/test

 

 

From the same edge node, now testuser ran put command successfully.

 

Here is my question: why testuser cannot write to the hdfs folder via the owner group permissions?

 

3,610 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank Seaport
Expert Contributor

Created ‎02-19-2020 01:29 PM

Finally, I figured out what is going on. 

The root cause is that, I only set up testuser on edge nodes, not the name node.

I looked into this page, https://hadoop.apache.org/docs/r3.1.1/hadoop-project-dist/hadoop-common/GroupsMapping.html, which shows that "For HDFS, the mapping of users to groups is performed on the NameNode. Thus, the host system configuration of the NameNode determines the group mappings for the users."
 After I created the user on the NameNode and ran the command

hdfs dfsadmin -refreshUserToGroupsMappings

the copy is successful and there is no permission-denied error.

View solution in original post

3,547 Views
3 REPLIES 3

avatar
author-rank GangWar author-rank
Master Guru

Created ‎02-10-2020 11:49 AM

What's the result of below command with respect to test user?

id -Gn testuser

Cheers!
Was your question answered? Make sure to mark the answer as the accepted solution.
If you find a reply useful, say thanks by clicking on the thumbs up button.
3,590 Views
0 Kudos

avatar
author-rank Seaport
Expert Contributor

Created ‎02-10-2020 11:51 AM

@GangWar  Here it is.

$ id -Gn testuser
hadoop wheel hdfs

3,579 Views
0 Kudos

avatar
author-rank Seaport
Expert Contributor

Created ‎02-19-2020 01:29 PM

Finally, I figured out what is going on. 

The root cause is that, I only set up testuser on edge nodes, not the name node.

I looked into this page, https://hadoop.apache.org/docs/r3.1.1/hadoop-project-dist/hadoop-common/GroupsMapping.html, which shows that "For HDFS, the mapping of users to groups is performed on the NameNode. Thus, the host system configuration of the NameNode determines the group mappings for the users."
 After I created the user on the NameNode and ran the command

hdfs dfsadmin -refreshUserToGroupsMappings

the copy is successful and there is no permission-denied error.

3,548 Views
Announcements
What's New @ Cloudera
[RELEASED] Cloudera Streaming Analytics 1.14 for Cloudera Pu...
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
View More Announcements