Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Where to add dfs.namenode.acls.enabled for ACLS in HDP 2.4?

Where to add dfs.namenode.acls.enabled for ACLS in HDP 2.4?

Expert Contributor

Hi Guys,

I downloaded 2.4 sandbox today and was trying see how ACLs work and found that we ned to enable dfs.namenode.acls.enabled to true in hdfs-site.xml.

I am adding the following block in the hdfs-site.xml under "/usr/hdp/current/hadoop-client/conf" .also tried adding the property in /etc/hadoop/conf/hdfs-site.xml .

After that I am logging to Ambari with Admin and restarting HDFS services. But still I see the error message "The ACL operation has been rejected. Support for ACLS have been disabled by setting dfs.namenode.acls.enabled to false"

Could you please guide me what's going wrong here?

Referring : Hortonworks Official Blog : https://hortonworks.com/blog/hdfs-acls-fine-grained-permissions-hdfs-files-hadoop/

8 REPLIES 8

Re: Where to add dfs.namenode.acls.enabled for ACLS in HDP 2.4?

New Contributor

It's the hdfs-site.xml file to change for sure.

I think /usr/hdp/current/hadoop-client/conf may not be the right place on your sandbox. Did you try /etc/hadoop/conf or some places alike?

Re: Where to add dfs.namenode.acls.enabled for ACLS in HDP 2.4?

Expert Contributor

@mliu, I checked in the "/etc/hadoop/conf/hdfs-site.xml" and same property (dfs.namenode.acls.enabled) is set to true. But still I get the same error.

Re: Where to add dfs.namenode.acls.enabled for ACLS in HDP 2.4?

@Smart Solutions

The sandbox uses Ambari to manage the configurations. Updating the files directly will only get overwritten by Ambari. If you want to add a value to the hdfs-site file, you can go to HDFS -> Configs -> Advanced -> Custom hdfs-site.xml and add a property.

A better way to manage ACLs and access in HDP is to install Ranger (already installed on the Sandbox). You can assign privileges via a UI. It makes it much easier to manage. Of course, in a production environment you will want to enable Kerberos on your system to provide authentication facilities.

Re: Where to add dfs.namenode.acls.enabled for ACLS in HDP 2.4?

Expert Contributor

@emaxwell

I've also added "dfs.namenode.acls.enabled" to true in Ambari->HDFS->Config->Advance tab->Custom hdfs-site.xml and their restarted HDFS services through Ambari but it does not help too.!! It was surprising for me.

Re: Where to add dfs.namenode.acls.enabled for ACLS in HDP 2.4?

Expert Contributor

In prod yes, we use Ranger, and it has been setup and working as expected.

But for the sake of learning, I am checking the place where we can add the property and test.

Highlighted

Re: Where to add dfs.namenode.acls.enabled for ACLS in HDP 2.4?

Expert Contributor

Re: Where to add dfs.namenode.acls.enabled for ACLS in HDP 2.4?

New Contributor

Hi, I faced the same problem in HDPCA practice lab and also in real exam. Unfortunately I couldn't perform the task even after trying above said possibilities. :(

Re: Where to add dfs.namenode.acls.enabled for ACLS in HDP 2.4?

Contributor

Here is the path to add hdfs acls through Ambari

HDFS-> Configs -> Advance -> Custom HDFS-site -> Add property -> add below and save changes

dfs.namenode.acls.enabled

Restsart all required services