Welcome to the Cloudera Community

Announcements
Celebrating as our community reaches 100,000 members! Thank you!

Who agreed with this topic

HDFS ACL Inheritance

avatar
Explorer

Hi All,

 

I'm on CDH 5.3 with Sentry enabled. I have a directory with permissions set as follows:

 

[root@node1 /]# h -getfacl /directory1
# file: /directory1
# owner: hive
# group: hive
user::rwx
group::rwx
other::--x
group::CLIENTA:rwx
default:user::rwx
default:group::rwx
default:group:CLIENTA:rwx
default:mask::rwx
default:other::---

 

if I put a file here it gets created with the below permissions.

 

[root@node1 /]# h -getfacl /directory1/test
# file: /directory1/test
# owner: client_user
# group: hive
user::rw-
group::rwx #effective:r--
group:CLIENTA:rwx #effective:r--
mask::r--
other::---

 and any directory I create looks like, which means the group can't write to this.

 

[root@node1 /]# h -getfacl /directory1/testd
# file: /directory1/testd
# owner: client_user
# group: hive
user::rwx
group::rwx      #effective:r-x
group:CLIENTA:rwx        #effective:r-x
mask::r-x
other::---
default:user::rwx
default:group::rwx
default:group:CLIENTA:rwx
default:mask::rwx
default:other::---

 So the mask setting is not getting inherited, overriding the default ACLS I have set.

 

I am only using hdfs dfs commands.

 

Can anyone help me either avoid the mask being set like this, or ensure that the permissions are inherited?

 

Thanks!

 

 

Who agreed with this topic