|
|
-
Simple Permissions Question
Time Less 2011-08-25, 00:25
I'm at a loss here. Check out my groups and the directory permissions:
[tellis@laxhadoop1-012 ~] :) groups
tellis hdfs supergroup
[tellis@laxhadoop1-012 ~] :) hadoop fs -mkdir /tmp/hive-tellis
mkdir: org.apache.hadoop.security.AccessControlException: Permission denied:
user=tellis, access=WRITE, inode="/tmp":hdfs:supergroup:drwxrwxr-x
Note that /tmp is hdfs:supergroup:drwxrwxr-x - that is, the "supergroup"
group should be able to write into that dir, and that I am part of that
group, but still I can't write into it.
So now you might wonder... is it possible for tellis to ever create
something inside /tmp? If I chmod 777 /tmp using the hdfs user...
[hdfs@laxhadoop1-012 ~/tmp] :) hadoop fs -chmod 777 /tmp
Then tellis has access to mkdir in /tmp.
[tellis@laxhadoop1-012 ~] :) hadoop fs -mkdir /tmp/hive-tellis
[tellis@laxhadoop1-012 ~] :) echo "confusing permissions issue" | hadoop fs
-put - /tmp/hive-tellis/somefile
[tellis@laxhadoop1-012 ~] :) hadoop fs -cat /tmp/hive-tellis/somefile
confusing permissions issue
I'm really confused. What am I missing?
--
Tim Ellis
Data Architect, Riot Games
-
Re: Simple Permissions Question
Allen Wittenauer 2011-08-25, 05:32
On Aug 24, 2011, at 5:25 PM, Time Less wrote:
> I'm at a loss here. Check out my groups and the directory permissions:
>
> [tellis@laxhadoop1-012 ~] :) groups
> tellis hdfs supergroup
> [tellis@laxhadoop1-012 ~] :) hadoop fs -mkdir /tmp/hive-tellis
> mkdir: org.apache.hadoop.security.AccessControlException: Permission denied:
> user=tellis, access=WRITE, inode="/tmp":hdfs:supergroup:drwxrwxr-x
...
> [hdfs@laxhadoop1-012 ~/tmp] :) hadoop fs -chmod 777 /tmp
>
> Then tellis has access to mkdir in /tmp.
This tells me that you likely aren't getting your group information sent to Hadoop.
> I'm really confused. What am I missing?
What version of Hadoop? Is this a secure version with security on? If you hop on the NameNode, what are your group settings? Certain versions only honor group information from the namenode. This is by design to prevent users lying to Hadoop about their identity.
Also, if I help, do I get some free stuff in LoL? :)
-
Re: Simple Permissions Question
sridhar basam 2011-08-25, 14:49
On Wed, Aug 24, 2011 at 8:25 PM, Time Less <[EMAIL PROTECTED]> wrote:
> I'm at a loss here. Check out my groups and the directory permissions:
>
> [tellis@laxhadoop1-012 ~] :) groups
> tellis hdfs supergroup
> [tellis@laxhadoop1-012 ~] :) hadoop fs -mkdir /tmp/hive-tellis
> mkdir: org.apache.hadoop.security.AccessControlException: Permission
> denied: user=tellis, access=WRITE, inode="/tmp":hdfs:supergroup:drwxrwxr-x
What are your groups on the namenode?
Sridhar
|
|
All projects made searchable here are trademarks of the Apache Software Foundation.
Service operated by
Sematext
