I have a ranger policy for a HDFS resource that looks like...
Now trying to access that HDFS path via hadoop fs <path to the hdfs location>
as two different users:
# as an unauthorized user
[ml1@HW04 ml1c]$ hadoop fs -ls <path to the hdfs location>
ls: Permission denied: user=ml1, access=EXECUTE, inode="<path to the hdfs location>"
# as an authorized user
[hph_etl@HW04 hph_etl]$ hadoop fs -ls <path to the hdfs location>
Found 4 items
drwxrwxr-x - hph_etl hph_etl 0 2019-07-31 15:13 <path to the hdfs location>
drwxrwxr-x - hph_etl hph_etl 0 2019-08-07 10:52 <path to the hdfs location>
drwxrwxr-x - hph_etl hph_etl 0 2019-07-31 14:28 <path to the hdfs location>
drwxrwxr-x - hph_etl hph_etl 0 2019-07-26 16:12 <path to the hdfs location>
which works as expected. Now trying via ls -lh <nfs path to the hdfs location>
on the local file system:
# as an unauthorized user
[ml1@HW04 ml1c]$ ls -lh <nfs path to the hdfs location>
total 2.0K
drwxrwxr-x. 4 hph_etl hph_etl 128 Jul 31 15:13 export
drwxrwxr-x. 5 hph_etl hph_etl 160 Aug 7 10:52 import
drwxrwxr-x. 5 hph_etl hph_etl 160 Jul 31 14:28 storage
drwxrwxr-x. 3 hph_etl hph_etl 96 Jul 26 16:12 tests
# as an authorized user
[hph_etl@HW04 hph_etl]$ ls -lh <nfs path to the hdfs location>
total 2.0K
drwxrwxr-x. 4 hph_etl hph_etl 128 Jul 31 15:13 export
drwxrwxr-x. 5 hph_etl hph_etl 160 Aug 7 10:52 import
drwxrwxr-x. 5 hph_etl hph_etl 160 Jul 31 14:28 storage
drwxrwxr-x. 3 hph_etl hph_etl 96 Jul 26 16:12 tests
we see both users were able to access the HDFS location when doing so via NFS (even though only the hph_etl
user should have been able to). Anyone know what's going on here? Any debugging tips or fixes?