Support Questions
Find answers, ask questions, and share your expertise
Announcements
Check out our newest addition to the community, the Cloudera Innovation Accelerator group hub.

Where to add dfs.namenode.acls.enabled for ACLS in HDP 2.4?

Expert Contributor

Hi Guys,

I downloaded 2.4 sandbox today and was trying see how ACLs work and found that we ned to enable dfs.namenode.acls.enabled to true in hdfs-site.xml.

I am adding the following block in the hdfs-site.xml under "/usr/hdp/current/hadoop-client/conf" .also tried adding the property in /etc/hadoop/conf/hdfs-site.xml .

After that I am logging to Ambari with Admin and restarting HDFS services. But still I see the error message "The ACL operation has been rejected. Support for ACLS have been disabled by setting dfs.namenode.acls.enabled to false"

Could you please guide me what's going wrong here?

Referring : Hortonworks Official Blog : https://hortonworks.com/blog/hdfs-acls-fine-grained-permissions-hdfs-files-hadoop/

8 REPLIES 8

Explorer

It's the hdfs-site.xml file to change for sure.

I think /usr/hdp/current/hadoop-client/conf may not be the right place on your sandbox. Did you try /etc/hadoop/conf or some places alike?

Expert Contributor

@mliu, I checked in the "/etc/hadoop/conf/hdfs-site.xml" and same property (dfs.namenode.acls.enabled) is set to true. But still I get the same error.

@Smart Solutions

The sandbox uses Ambari to manage the configurations. Updating the files directly will only get overwritten by Ambari. If you want to add a value to the hdfs-site file, you can go to HDFS -> Configs -> Advanced -> Custom hdfs-site.xml and add a property.

A better way to manage ACLs and access in HDP is to install Ranger (already installed on the Sandbox). You can assign privileges via a UI. It makes it much easier to manage. Of course, in a production environment you will want to enable Kerberos on your system to provide authentication facilities.

Expert Contributor

@emaxwell

I've also added "dfs.namenode.acls.enabled" to true in Ambari->HDFS->Config->Advance tab->Custom hdfs-site.xml and their restarted HDFS services through Ambari but it does not help too.!! It was surprising for me.

Expert Contributor

In prod yes, we use Ranger, and it has been setup and working as expected.

But for the sake of learning, I am checking the place where we can add the property and test.

Expert Contributor

New Contributor

Hi, I faced the same problem in HDPCA practice lab and also in real exam. Unfortunately I couldn't perform the task even after trying above said possibilities. 😞

Contributor

Here is the path to add hdfs acls through Ambari

HDFS-> Configs -> Advance -> Custom HDFS-site -> Add property -> add below and save changes

dfs.namenode.acls.enabled

Restsart all required services