Support Questions

KuldeepK · ‎12-16-2015

I have configured once policy for hdfs via ranger. below are the details:

1. Policy configured for user admin

2. User admin can rwx into /user/oozie

3. Point number 2 tested successfully

4. When I went to change ownership of /user/oozie to admin by user admin then it fails with below error

[admin@hdpambari ~]$ hdfs dfs -chown root /user/oozie/test1
chown: changing ownership of '/user/oozie/test1': Non-super user cannot change owner

I know that logically this is correct as user "admin" has rwx access to /user/oozie so no need to change the ownership.

Is my understanding correct ? is there any documentation that points to this ?

bdurai · ‎12-17-2015

@Kuldeep Kulkarni, how are you setting user admin as administrator? Is the user admin in dfs.cluster.administrators?

Do you have access to user "hdfs"?

View solution in original post

KuldeepK · ‎12-16-2015

@Arti Wadhwani

bleonhardi · ‎12-16-2015

Just a question for clarification: Can you do a hdfs dfs -ls /user/oozie? If the test1 folder is not owned by user admin ( he only has rwx but is not the owner ), then he cannot change the ownership either. That is the same in Linux. I suppose this is not the case here but I just wanted to clarify

jstraub · ‎12-16-2015

Agree, you have to be a superuser or the owner to change the owner of a folder. Also see this FSDirAttrOp.java#L73

KuldeepK · ‎12-17-2015

@Benjamin Leonhardi - Yes I can do dfs -ls /user/oozie, I can read each and every file, I can write into it. You are correct! its same as Unix.

@Jonas Straub - Thank you for the link. I think only superuser can change the ownership ( current owner also cannot change it)

Unix:

-rwxrwxrwx    1 kkulkarni  staff    39441 Dec 17 08:17 test 
KKs-Mac:~ kkulkarni$
KKs-Mac:~ kkulkarni$ chown root test 
chown: test: Operation not permitted

KKs-Mac:~ kkulkarni$ sudo chown root test 
KKs-Mac:~ kkulkarni$ ls -lrt test
-rwxrwxrwx  1 root  staff  39441 Dec 17 08:17 test 
KKs-Mac:~ kkulkarni$

Same is the case for hdfs.

KuldeepK · ‎12-17-2015

@mkhandekar

nsabharwal · ‎12-17-2015

@Kuldeep Kulkarni

Based on the output in the question , you are logged in as admin user

[admin@hdpambari ~]$ hdfs dfs -chown root /user/oozie/test1

chown: changing ownership of '/user/oozie/test1':Non-super user cannot change owner

test1 is owned by some other user?

KuldeepK · ‎12-17-2015

@Neeraj Sabharwal - its owned by admin only

[root@hdpambari yarn]# hadoop fs -ls /user/oozie/test1
-rw-r--r--   3 admin hadoop          0 2015-12-09 21:47 /user/oozie/test1
[root@hdpambari yarn]#

bdurai · ‎12-17-2015

@Kuldeep Kulkarni, how are you setting user admin as administrator? Is the user admin in dfs.cluster.administrators?

Do you have access to user "hdfs"?

KuldeepK · ‎12-17-2015

@bdurai - nopes I have just configured ranger policy and given rwx access to admin user for /user/oozie (recursively)

Cloudera Community

Support Questions

Ranger authorization for HDFS - Unable to change ownership of a directory in hdfs

How to Move or Change HDFS DataNode Directories

HDF 2.x/3.0: Enable Ranger authorization for HDF c...

Best Practices In HDFS Authorization with Apache R...

HDF 2.0 and Beyond - Integrating Secured NiFi with...

How HDFS Apply Ranger Policies

Using HDFS-FUSE for POSIX directory mounts

Apache Ranger and HDFS

HDF 2.0 - Defining NiFi Policies in Ranger

How to change Ranger Admin, Usersync, Tagsync Log ...

Ranger User Variables use for HDFS policies