Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

cannot create user directory after kerberos

Solved Go to solution

cannot create user directory after kerberos

Rising Star

Hi there,

 

I just enable Kerberos on my test cluster, however after enabling kerberos, I am not able to create /user/test directory anymore due to permission error.

 


hadoop fs -mkdir /user/test
mkdir: Permission denied: user=admin, access=WRITE, inode="/user":hdfs:supergroup:drwxr-xr-x

 

Anyway to fix it?

 

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions

Re: cannot create user directory after kerberos

Super Guru

@yongie,

 

The Permission Denied message indicates that your hadoop command is authenticating as the user "admin".  As you can see, the user "admin" does not have previlige to write to the /user directory.

 

In order to be able to have non-hdfs user write to that /user directory with the permissions as they are, that "admin" user will need to be a superuser.

 

If you are not interested in having outher users as superusers, then the other option is to kinit as hdfs

Basically, you need to create a user in your KDC with the name "hdfs" and with the userprincipalname hdfs@realm.

 

See this page for details all that I mentioned above:

 

https://www.cloudera.com/documentation/enterprise/latest/topics/cm_sg_s5_hdfs_principal.html

 

Ben

3 REPLIES 3
Highlighted

Re: cannot create user directory after kerberos

Champion

@yongie

 

switch to hdfs user and try again

Re: cannot create user directory after kerberos

Super Guru

@yongie,

 

The Permission Denied message indicates that your hadoop command is authenticating as the user "admin".  As you can see, the user "admin" does not have previlige to write to the /user directory.

 

In order to be able to have non-hdfs user write to that /user directory with the permissions as they are, that "admin" user will need to be a superuser.

 

If you are not interested in having outher users as superusers, then the other option is to kinit as hdfs

Basically, you need to create a user in your KDC with the name "hdfs" and with the userprincipalname hdfs@realm.

 

See this page for details all that I mentioned above:

 

https://www.cloudera.com/documentation/enterprise/latest/topics/cm_sg_s5_hdfs_principal.html

 

Ben

Re: cannot create user directory after kerberos

Rising Star

@bgooley

 

It does the trick by creating hdfs user in kerberos, however, for the proper setup do I need to change the supergroup? and assign user to supergroup?