Support Questions

Find answers, ask questions, and share your expertise

Ranger authorization for HDFS - Unable to change ownership of a directory in hdfs

avatar
Master Guru

I have configured once policy for hdfs via ranger. below are the details:

1. Policy configured for user admin

2. User admin can rwx into /user/oozie

3. Point number 2 tested successfully

4. When I went to change ownership of /user/oozie to admin by user admin then it fails with below error

[admin@hdpambari ~]$ hdfs dfs -chown root /user/oozie/test1
chown: changing ownership of '/user/oozie/test1': Non-super user cannot change owner

I know that logically this is correct as user "admin" has rwx access to /user/oozie so no need to change the ownership.

Is my understanding correct ? is there any documentation that points to this ?

1 ACCEPTED SOLUTION

avatar
Rising Star

@Kuldeep Kulkarni, how are you setting user admin as administrator? Is the user admin in dfs.cluster.administrators?

Do you have access to user "hdfs"?

View solution in original post

14 REPLIES 14

avatar
Master Guru

avatar
Master Guru

Just a question for clarification: Can you do a hdfs dfs -ls /user/oozie? If the test1 folder is not owned by user admin ( he only has rwx but is not the owner ), then he cannot change the ownership either. That is the same in Linux. I suppose this is not the case here but I just wanted to clarify

avatar

Agree, you have to be a superuser or the owner to change the owner of a folder. Also see this FSDirAttrOp.java#L73

avatar
Master Guru

@Benjamin Leonhardi - Yes I can do dfs -ls /user/oozie, I can read each and every file, I can write into it. You are correct! its same as Unix.

@Jonas Straub - Thank you for the link. I think only superuser can change the ownership ( current owner also cannot change it)

Unix:

-rwxrwxrwx    1 kkulkarni  staff    39441 Dec 17 08:17 test 
KKs-Mac:~ kkulkarni$
KKs-Mac:~ kkulkarni$ chown root test 
chown: test: Operation not permitted
KKs-Mac:~ kkulkarni$ sudo chown root test 
KKs-Mac:~ kkulkarni$ ls -lrt test
-rwxrwxrwx  1 root  staff  39441 Dec 17 08:17 test 
KKs-Mac:~ kkulkarni$

Same is the case for hdfs.

avatar
Master Guru

avatar
Master Mentor
@Kuldeep Kulkarni

Based on the output in the question , you are logged in as admin user

[admin@hdpambari ~]$ hdfs dfs -chown root /user/oozie/test1

  1. chown: changing ownership of '/user/oozie/test1':Non-super user cannot change owner

test1 is owned by some other user?

avatar
Master Guru

@Neeraj Sabharwal - its owned by admin only

[root@hdpambari yarn]# hadoop fs -ls /user/oozie/test1
-rw-r--r--   3 admin hadoop          0 2015-12-09 21:47 /user/oozie/test1
[root@hdpambari yarn]#

avatar
Rising Star

@Kuldeep Kulkarni, how are you setting user admin as administrator? Is the user admin in dfs.cluster.administrators?

Do you have access to user "hdfs"?

avatar
Master Guru

@bdurai - nopes I have just configured ranger policy and given rwx access to admin user for /user/oozie (recursively)