Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here. Want to know more about what has changed? Check out the Community News blog.

Permission denied. user=<hdfs user> is not the owner of inode=<directory/file name>

Permission denied. user=<hdfs user> is not the owner of inode=<directory/file name>

Cloudera Employee

On CM 5.9 - 4 node cluster with hosts: elephant, horse, monkey & tiger

 

After enabling kerberos, you can no longer impersonate hdfs superuser

For super user access,  dfs_permissions_supergroup was set on CM to hdfsadmin

Then used these commands to add my user (training) to the linux group on host elephant

 

 

sudo groupadd hdfsadmin
sudo usermod -a -G hdfsadmin training

 

 

This worked fine as per the documentation:

 

https://www.cloudera.com/documentation/enterprise/5-9-x/topics/cm_sg_hdfs_su_princ_s15.html

 

When working with the Sentry training materials, one of the steps was to execute:

 

 

hdfs dfs -chown -R hive:hive /user/hive/warehouse

 

Said command failed:

 

training@elephant:~$ kinit training@COE.CLOUDERA.COM
Password for training@COE.CLOUDERA.COM: 
training@elephant:~$ hdfs dfs -chown -R hive:hive /user/hive/warehouse
chown: changing ownership of '/user/hive/warehouse/catalog_test': Permission denied. user=training is not the owner of inode=catalog_test
chown: changing ownership of '/user/hive/warehouse/parquet_table_name': Permission denied. user=training is not the owner of inode=parquet_table_name
chown: changing ownership of '/user/hive/warehouse/statestore_test': Permission denied. user=training is not the owner of inode=statestore_test
chown: changing ownership of '/user/hive/warehouse/t1': Permission denied. user=training is not the owner of inode=t1
chown: changing ownership of '/user/hive/warehouse/t2': Permission denied. user=training is not the owner of inode=t2
chown: changing ownership of '/user/hive/warehouse/test_hue': Permission denied. user=training is not the owner of inode=test_hue
training@elephant:~$ id
uid=1106(training) gid=1106(training) groups=1106(training),10(wheel),1107(hdfsadmin)

After some troubleshooting, we found the master NameNode had failed over to host tiger where hdfsadmin group was not defined causing the problem

 

training@elephant:~$ hdfs groups training
training : training wheel

The problem was resolved by running this command on all hdfs nodes

 

training@elephant:~$ list="lion tiger horse monkey"
training@elephant:~$ for i in ${list}; do ssh -p 443 ${i} "sudo groupadd hdfsadmin; sudo usermod -a -G hdfsadmin training"; echo "Done ${i}"; done
Done lion
Done tiger
Done horse
Done monkey

 

After that, hdfsadmin was recognized for user training and chmod worked!

 

training@elephant:~$ hdfs groups training
training : training wheel hdfsadmin
training@elephant:~$ hdfs dfs -chown -R hive:hive /user/hive/warehouse
training@elephant:~$ hdfs dfs -ls /user/hive/warehouse
Found 6 items
drwxrwxrwt   - hive hive          0 2019-06-18 10:46 /user/hive/warehouse/catalog_test
drwxrwxrwt   - hive hive          0 2019-06-18 23:53 /user/hive/warehouse/parquet_table_name
drwxrwxrwt   - hive hive          0 2019-06-18 11:31 /user/hive/warehouse/statestore_test
drwxrwxrwt   - hive hive          0 2019-06-17 11:18 /user/hive/warehouse/t1
drwxrwxrwt   - hive hive          0 2019-06-17 11:21 /user/hive/warehouse/t2
drwxrwxrwt   - hive hive          0 2019-06-19 07:01 /user/hive/warehouse/test_hue
training@elephant:~$