Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

cannot create user directory after kerberos

Labels:
avatar
author-rank yongie
Contributor

Created on ‎07-24-2018 12:36 AM - last edited on ‎07-24-2018 07:21 AM by Community Manager Community Manager

Hi there,

 

I just enable Kerberos on my test cluster, however after enabling kerberos, I am not able to create /user/test directory anymore due to permission error.

 


hadoop fs -mkdir /user/test
mkdir: Permission denied: user=admin, access=WRITE, inode="/user":hdfs:supergroup:drwxr-xr-x

 

Anyway to fix it?

 

Thanks

5,116 Views
0 Kudos
1 ACCEPTED SOLUTION

avatar
author-rank bgooley author-rank
Master Guru

Created ‎07-24-2018 12:15 PM

@yongie,

 

The Permission Denied message indicates that your hadoop command is authenticating as the user "admin".  As you can see, the user "admin" does not have previlige to write to the /user directory.

 

In order to be able to have non-hdfs user write to that /user directory with the permissions as they are, that "admin" user will need to be a superuser.

 

If you are not interested in having outher users as superusers, then the other option is to kinit as hdfs

Basically, you need to create a user in your KDC with the name "hdfs" and with the userprincipalname hdfs@realm.

 

See this page for details all that I mentioned above:

 

https://www.cloudera.com/documentation/enterprise/latest/topics/cm_sg_s5_hdfs_principal.html

 

Ben

View solution in original post

5,070 Views
0 Kudos
5 REPLIES 5

avatar
saranvisa author-rank
Champion

Created ‎07-24-2018 02:09 AM

@yongie

 

switch to hdfs user and try again

5,101 Views
0 Kudos

avatar
author-rank bgooley author-rank
Master Guru

Created ‎07-24-2018 12:15 PM

@yongie,

 

The Permission Denied message indicates that your hadoop command is authenticating as the user "admin".  As you can see, the user "admin" does not have previlige to write to the /user directory.

 

In order to be able to have non-hdfs user write to that /user directory with the permissions as they are, that "admin" user will need to be a superuser.

 

If you are not interested in having outher users as superusers, then the other option is to kinit as hdfs

Basically, you need to create a user in your KDC with the name "hdfs" and with the userprincipalname hdfs@realm.

 

See this page for details all that I mentioned above:

 

https://www.cloudera.com/documentation/enterprise/latest/topics/cm_sg_s5_hdfs_principal.html

 

Ben

5,071 Views
0 Kudos

avatar
author-rank yongie
Contributor

Created ‎07-27-2018 12:17 AM

@bgooley

 

It does the trick by creating hdfs user in kerberos, however, for the proper setup do I need to change the supergroup? and assign user to supergroup?

 

 

5,014 Views
0 Kudos

avatar
author-rank adiz
Explorer

Created ‎03-19-2021 12:37 PM

Ohh My God, This worked 
You are a lifesaver.

 

3,040 Views
0 Kudos

avatar
author-rank adiz
Explorer

Created ‎03-19-2021 12:49 PM

that worked but when I tried to fire command from admin user (commands like --- hdfs dfs -cp file /user/admin or hdfs dfs -ls /user/)
it's not allowing me 

giving below error

WARN security.UserGroupInformation: PriviledgedActionException as:admin (auth:KERBEROS) cause:javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]

3,037 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements