About muthukumar_siva

muthukumar_siva · ‎01-16-2018

@Geoffrey Shelton Okot Thanks will close the thread. Yes the steps are verified multiple times and we end up with that error. We have not subscribed for even hortonworks basic support, because of this risk we have not upgraded. In case we stuck up with some issues there is no one to help. Client is aware of this.

muthukumar_siva · ‎01-15-2018

@Geoffrey Shelton Okot Sorry was stuck up in few issues and missed to reply. Yes the steps you have mentioned all followed. I was getting the error which i have shown in my first post. Hence i initialized this thread and you have provided the same steps which i have followed. Not sure what is wrong or some bug ? When ran with user A or B who are part of data_team in ACL. 😞 "$ hadoop fs -ls /abc/month=12 ls: Permission denied: user=A, access=EXECUTE, inode="/abc/month=12":abiuser:dfsusers:drwxrwx---"

muthukumar_siva · ‎01-11-2018

@Sandeep Kumar Yes, I have referred those documents already and set as required. Problem is it is not allowing the user to read the file which got a proper permission in ACL. You may go through my initial postings with the steps. Thank you

muthukumar_siva · ‎01-11-2018

@Geoffrey Shelton Okot First of all thanks for your time and outputs, samething been done with only one difference. I have given acl permission for the group data_team with r-x instead of individual users. In future there will be a requirement for other users to get only read access which I can do by just adding them to the group data_team in Linux. Hope this also should work. Below is the command I have used. hdfs dfs -setfacl -m -R group:data_team:r-x /abc/month=12 Could you create different file with abiuser as owner and dfsusers as group and add ACL for the group data_team with just read permission? Thank you.

muthukumar_siva · ‎01-10-2018

@Geoffrey Shelton Okot 1. ACL feature is enabled by adding the below entry in custom hdfs-site.xml file and restarted the required services from ambari console. <property> <name>dfs.namenode.acls.enabled</name> <value>true</value> </property> 2. I gave sample as A and B user and they have been added to the group data_team (on Linux level), they are not abiuser. abiuser is the owner of the file. dfsusers is the group of that file (/abc/month=12/file1.bcsf). ACL permission added for the group data_team using the below command. hdfs dfs -setfacl -m -R group:data_team:r-x /abc/month=12/ 3. Above setup is done, but still user A and B not able to read or access the files where ACL permission been given.

muthukumar_siva · ‎01-08-2018

Dear all, I have enabled ACL on the ambari console and restarted the required services and I'm able to set the permissions for specific group as well. But when they try to execute it is not working. Need your suggestions. My HDP version is 2.4 and hadoop 2.7. getfacl permission on the folder and file is: $ hdfs dfs -getfacl -R /abc/month=12/ # file: /abc/month=12 # owner: abiuser # group: dfsusers user::rwx group::r-x group:data_team:r-- mask::r-x other::--- default:user::rwx default:group::r-x default:group:data_team:r-x default:mask::r-x default:other::--- # file: /abc/month=12/file1.bcsf # owner: abiuser # group: dfsusers user::rwx group::r-- group:data_team:r-- mask::r-- other::--- user A and B are part of data_team, when they try to read the file we are getting the below error. $ hadoop fs -ls /abc/month=12 ls: Permission denied: user=A, access=EXECUTE, inode="/abc/month=12":abiuser:dfsusers:drwxrwx--- Appreciate any suggestion / help? Thank you

muthukumar_siva · ‎11-21-2016

@Kuldeep Kulkarni Thanks for your comment, we were using hdp 2.4 & hadoop 2.7.2. Not sure this feature is in there with this version. I enabled read only permission for .Trash folder for the users. Also i was having snapshop enabled for a directory, which is not protective enough as we can able to delete the folders inside a snapshot directory. May be upgrade would be the last option to explore and use it. Thank you much for the comments.

muthukumar_siva · ‎11-18-2016

Very nice article. If you got step by step procedure with pre-requisites,could you pls fwd to me (muthukumar.siva@gmail.com) i would like to implement in my environment. Thank you in advance.

muthukumar_siva · ‎11-16-2016

Hi All, Is there a way to prevent a hdfs directory owner to run hadoop rm command? Like user1 is the owner of the hdfs directory /app/user1/ and got other folders and files under it. If he runs hadoop fs -rm -R (or just rm) /app/user1 it should fail. Is there a better way to prevent it?

muthukumar_siva · ‎10-13-2016

@slachterman Above one is for AWS instances as we have been using credentials with the command. For on-prem setup I would need to check. One thing I know is when we setup the onprem servers with AWS CLI installation, we can run aws configure command to provide the credentials once and there on we can run the aws s3 commands from the command line to access AWS S3 (provided we have setup things in AWS end like IAM user creation and bucket policy etc). But with hadoop distcp the one you provided is the solution. May be we can check with AWS guys if there is an option with role based from on-prem.

Online	Offline
Last Visited	‎08-20-2018 04:25 AM

Member Since	‎06-07-2016 04:49 AM
Last Visited	‎08-20-2018 04:25 AM
Posts	81
Kudos received	3

Cloudera Community

Re: History server dont start after Cluster instal...

Re: What ports need to be open between edge, name ...

Re: HDP 2.6.4.0 cluster creation is getting failed...

Re: HDFS Backup to AWS S3 without Keys error

Re: Unable to connect to server error while loggin...

Re: ACLs are enabled and applied but not working

Re: ACLs are enabled and applied but not working

Re: ACLs are enabled and applied but not working

Re: ACLs are enabled and applied but not working

Re: ACLs are enabled and applied but not working

ACLs are enabled and applied but not working

Re: Is there a way to prevent a hdfs directory own...

Re: Ranger Audit Analytics with NiFi and Zeppelin

Is there a way to prevent a hdfs directory owner t...

Re: Using Hadoop Credential API to store AWS secre...