Support Questions

Find answers, ask questions, and share your expertise

cannot create user directory after kerberos

avatar
Contributor

Hi there,

 

I just enable Kerberos on my test cluster, however after enabling kerberos, I am not able to create /user/test directory anymore due to permission error.

 


hadoop fs -mkdir /user/test
mkdir: Permission denied: user=admin, access=WRITE, inode="/user":hdfs:supergroup:drwxr-xr-x

 

Anyway to fix it?

 

Thanks

1 ACCEPTED SOLUTION

avatar
Master Guru

@yongie,

 

The Permission Denied message indicates that your hadoop command is authenticating as the user "admin".  As you can see, the user "admin" does not have previlige to write to the /user directory.

 

In order to be able to have non-hdfs user write to that /user directory with the permissions as they are, that "admin" user will need to be a superuser.

 

If you are not interested in having outher users as superusers, then the other option is to kinit as hdfs

Basically, you need to create a user in your KDC with the name "hdfs" and with the userprincipalname hdfs@realm.

 

See this page for details all that I mentioned above:

 

https://www.cloudera.com/documentation/enterprise/latest/topics/cm_sg_s5_hdfs_principal.html

 

Ben

View solution in original post

5 REPLIES 5

avatar
Champion

@yongie

 

switch to hdfs user and try again

avatar
Master Guru

@yongie,

 

The Permission Denied message indicates that your hadoop command is authenticating as the user "admin".  As you can see, the user "admin" does not have previlige to write to the /user directory.

 

In order to be able to have non-hdfs user write to that /user directory with the permissions as they are, that "admin" user will need to be a superuser.

 

If you are not interested in having outher users as superusers, then the other option is to kinit as hdfs

Basically, you need to create a user in your KDC with the name "hdfs" and with the userprincipalname hdfs@realm.

 

See this page for details all that I mentioned above:

 

https://www.cloudera.com/documentation/enterprise/latest/topics/cm_sg_s5_hdfs_principal.html

 

Ben

avatar
Contributor

@bgooley

 

It does the trick by creating hdfs user in kerberos, however, for the proper setup do I need to change the supergroup? and assign user to supergroup?

 

 

avatar
Explorer

Ohh My God, This worked 
You are a lifesaver.

 

avatar
Explorer

that worked but when I tried to fire command from admin user (commands like --- hdfs dfs -cp file /user/admin or hdfs dfs -ls /user/)
it's not allowing me 

giving below error

WARN security.UserGroupInformation: PriviledgedActionException as:admin (auth:KERBEROS) cause:javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]