Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: The Cloudera Community will undergo maintenance on Saturday, August 17 at 12:00am PDT. See more info here.

Permission denied. user=<hdfs user> is not the owner of inode=<directory/file name>

Highlighted

Permission denied. user=<hdfs user> is not the owner of inode=<directory/file name>

Cloudera Employee

On CM 5.9 - 4 node cluster with hosts: elephant, horse, monkey & tiger

 

After enabling kerberos, you can no longer impersonate hdfs superuser

For super user access,  dfs_permissions_supergroup was set on CM to hdfsadmin

Then used these commands to add my user (training) to the linux group on host elephant

 

 

sudo groupadd hdfsadmin
sudo usermod -a -G hdfsadmin training

 

 

This worked fine as per the documentation:

 

https://www.cloudera.com/documentation/enterprise/5-9-x/topics/cm_sg_hdfs_su_princ_s15.html

 

When working with the Sentry training materials, one of the steps was to execute:

 

 

hdfs dfs -chown -R hive:hive /user/hive/warehouse

 

Said command failed:

 

training@elephant:~$ kinit training@COE.CLOUDERA.COM
Password for training@COE.CLOUDERA.COM: 
training@elephant:~$ hdfs dfs -chown -R hive:hive /user/hive/warehouse
chown: changing ownership of '/user/hive/warehouse/catalog_test': Permission denied. user=training is not the owner of inode=catalog_test
chown: changing ownership of '/user/hive/warehouse/parquet_table_name': Permission denied. user=training is not the owner of inode=parquet_table_name
chown: changing ownership of '/user/hive/warehouse/statestore_test': Permission denied. user=training is not the owner of inode=statestore_test
chown: changing ownership of '/user/hive/warehouse/t1': Permission denied. user=training is not the owner of inode=t1
chown: changing ownership of '/user/hive/warehouse/t2': Permission denied. user=training is not the owner of inode=t2
chown: changing ownership of '/user/hive/warehouse/test_hue': Permission denied. user=training is not the owner of inode=test_hue
training@elephant:~$ id
uid=1106(training) gid=1106(training) groups=1106(training),10(wheel),1107(hdfsadmin)

After some troubleshooting, we found the master NameNode had failed over to host tiger where hdfsadmin group was not defined causing the problem

 

training@elephant:~$ hdfs groups training
training : training wheel

The problem was resolved by running this command on all hdfs nodes

 

training@elephant:~$ list="lion tiger horse monkey"
training@elephant:~$ for i in ${list}; do ssh -p 443 ${i} "sudo groupadd hdfsadmin; sudo usermod -a -G hdfsadmin training"; echo "Done ${i}"; done
Done lion
Done tiger
Done horse
Done monkey

 

After that, hdfsadmin was recognized for user training and chmod worked!

 

training@elephant:~$ hdfs groups training
training : training wheel hdfsadmin
training@elephant:~$ hdfs dfs -chown -R hive:hive /user/hive/warehouse
training@elephant:~$ hdfs dfs -ls /user/hive/warehouse
Found 6 items
drwxrwxrwt   - hive hive          0 2019-06-18 10:46 /user/hive/warehouse/catalog_test
drwxrwxrwt   - hive hive          0 2019-06-18 23:53 /user/hive/warehouse/parquet_table_name
drwxrwxrwt   - hive hive          0 2019-06-18 11:31 /user/hive/warehouse/statestore_test
drwxrwxrwt   - hive hive          0 2019-06-17 11:18 /user/hive/warehouse/t1
drwxrwxrwt   - hive hive          0 2019-06-17 11:21 /user/hive/warehouse/t2
drwxrwxrwt   - hive hive          0 2019-06-19 07:01 /user/hive/warehouse/test_hue
training@elephant:~$