Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Ranger does not work in fresh installation of ambari hadoop...

Highlighted

Ranger does not work in fresh installation of ambari hadoop...

New Contributor

I have a fresh installation of ambari hadoop. Configured ranger+kerberos. When I try to list a dir under a user I always get an error:

[doopy@nashira ~]$ hadoop fs -ls /user/ambari-qa/
ls: Permission denied: user=doopy, access=READ_EXECUTE, inode="/user/ambari-qa":ambari-qa:hdfs:drwxrwx---
[doopy@nashira ~]$ hadoop fs -ls /user/
Found 5 items
drwxrwx--- - ambari-qa hdfs 0 2018-05-21 17:13 /user/ambari-qa
drwxr-xr-x - hcat hdfs 0 2018-05-21 10:50 /user/hcat
drwxr-xr-x - hive hdfs 0 2018-05-21 10:50 /user/hive
drwxrwxr-x - oozie hdfs 0 2018-05-21 10:51 /user/oozie
drwxrwxr-x - spark hdfs 0 2018-05-21 10:47 /user/spark
[doopy@nashira ~]$

doopy - is a unix user. It has a policy in ranger that allow him to list that dir. I realize that this user does not have fs right to list that dir but as far I understand that ranger' policy should allow doopy to list /user/ambari-qa dir.

Please help me to find where I'm wrong?

Thanks in advance!

2 REPLIES 2

Re: Ranger does not work in fresh installation of ambari hadoop...

@Vitaliy Kalinichenko Yes, the Ranger policy should "override" the HDFS permissions. Can you share a screenshot of the policy you have created to allows the doopy user to access /user/ambari-qa? Is the policy enabled? Has the Ranger HDFS plugin sync'd with Ranger?

Re: Ranger does not work in fresh installation of ambari hadoop...

New Contributor

Hello Michael,

Thanks for the answer!

Please find requested screens attached. ranger-policy.pngranger-hdfs-plugin-properties.pngranger-plugin-properties.png