how to provide hdfs umask to a specific directory

Hello,

I need to provide privilege to a directory in HDFS where any sub-directories and files under it are created so that a specific user (or other users) has write privilege.

I.e., suppose there is a directory /home/santhosh/work; now any new files/sub-directories that get created under this directory are created with privileges so that anybody (other users) can read/write to them.

Can this be achieved with HDFS ACLs? If so, how?

4 REPLIES

I did try the below command:

hdfs dfs -setfacl -m default:user:santhosh:rwx /user/santhosh/another1

Which basically means user "santhosh" will have "rwx" for sub-directories. I created a sub-directory under this dir and a file as the hive user using the below commands:

hdfs dfs -mkdir /user/santhosh/another1/test1
hdfs dfs -put sample1 /user/santhosh/another1/test1

However, get returns me the below result.

[hrt_qa@santhosh-blueprint-test-13 ~]$ hdfs dfs -getfacl -R /user/santhosh/another1
# file: /user/santhosh/another1
# owner: santhosh
# group: hadoop
user::rwx
group::rwx
other::r-x
default:user::rwx
default:user:santhosh:rwx
default:group::r-x
default:mask::rwx
default:other::r-x

# file: /user/santhosh/another1/test1
# owner: hive
# group: hadoop
user::rwx
user:santhosh:rwx	#effective:r-x
group::r-x
mask::r-x
other::r-x
default:user::rwx
default:user:santhosh:rwx
default:group::r-x
default:mask::rwx
default:other::r-x

# file: /user/santhosh/another1/test1/sample
# owner: hive
# group: hadoop
user::rw-
user:santhosh:rwx	#effective:r--
group::r-x	#effective:r--
mask::r--
other::r--

For file "sample1" it says as below, so user santhosh has "effective" read permission only and hence is unable to delete.

user:santhosh:rwx	#effective:r--
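
The mask arithmetic behind the "#effective" annotations in the listing above, as an added example that is not part of the original thread: a Python parser for `hdfs dfs -getfacl -R` output that lists every access entry whose granted bits are cut by the access mask. The sample input is constructed from the listing above, and the function names are this example's own.

```python
import re

# Constructed sample: trimmed from the `hdfs dfs -getfacl -R` listing quoted above.
SAMPLE = """\
# file: /user/santhosh/another1/test1
user::rwx
user:santhosh:rwx\t#effective:r-x
group::r-x
mask::r-x
other::r-x
default:user:santhosh:rwx
default:mask::rwx

# file: /user/santhosh/another1/test1/sample
user::rw-
user:santhosh:rwx\t#effective:r--
group::r-x\t#effective:r--
mask::r--
other::r--
"""

def parse_getfacl(text):
    """Return {path: [(scope, type, name, perms), ...]} from getfacl -R output."""
    acls, path = {}, None
    for line in text.splitlines():
        line = re.split(r"\s+#", line)[0].strip()   # drop the "#effective:" note
        if line.startswith("# file:"):
            path = line[len("# file:"):].strip()
            acls[path] = []
        elif line and not line.startswith("#") and path:
            parts = line.split(":")
            scope = "default" if parts[0] == "default" else "access"
            acls[path].append((scope, *parts[-3:]))
    return acls

def effective(perms, mask):
    """Effective permission = granted bits AND mask bits, position by position."""
    return "".join(p if m != "-" else "-" for p, m in zip(perms, mask))

def masked_entries(text):
    """List (path, entry, granted, effective) where the mask removes a granted bit.
    The mask limits named users, the owning group and named groups, not the owner."""
    out = []
    for path, entries in parse_getfacl(text).items():
        mask = next((p for s, t, _, p in entries if (s, t) == ("access", "mask")), None)
        for scope, typ, name, perms in entries:
            limited = typ == "group" or (typ == "user" and name)
            if scope == "access" and mask and limited and effective(perms, mask) != perms:
                out.append((path, f"{typ}:{name}", perms, effective(perms, mask)))
    return out
```

Calling `masked_entries` on a saved `getfacl -R` listing shows at a glance which inherited grants are being narrowed by the mask on each child.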

@Santhosh B Gowda

For HDFS ACLs, please check - http://hortonworks.com/blog/hdfs-acls-fine-grained-permissions-hdfs-files-hadoop/

I would suggest using Ranger for this. It will be very easy to manage and easy for giving authorization to users. Check this - http://hortonworks.com/hadoop-tutorial/manage-security-policy-hive-hbase-knox-ranger/

Thanks @Sagar Shimpi for looking into this. I did follow the HDFS ACL link; however, I could not get it working for the newly created file. Basically, the file doesn't inherit the default ACL of the parent directory (as per my comment #1). Not sure whether ACLs will be inherited by files; is Ranger the only solution now?

@Santhosh B Gowda Make sure you have added the property in custom hdfs-site

<property>
  <name>dfs.namenode.acls.enabled</name>
  <value>true</value>
</property>