You are viewing a plain text version of this content. The canonical link for it is here.
Posted to mapreduce-user@hadoop.apache.org by Pratik Gadiya <pr...@persistent.com> on 2015/07/07 18:38:40 UTC
Grant privileges on / of hdfs file system
Hi,
Can anyone provide me steps to grant a particular user access equivalnent to that of "hdfs" user in hadoop.
The reason behind this is I want to have my custom user who can create anything on the entire hdfs file system (/)
I tried couple of links however, none of them were useful.
Is there any way by adding/modifying some property tags I can do that ?
With Regards,
Pratik
DISCLAIMER
==========
This e-mail may contain privileged and confidential information which is the property of Persistent Systems Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Ltd. does not accept any liability for virus infected mails.
Re: Grant privileges on / of hdfs file system
Posted by Chris Nauroth <cn...@hortonworks.com>.
Hello Pratik,
The "hdfs" user (more specifically, whatever user launched the NameNode process) is the HDFS super-user. The super-user has full access to the file system and also administrative operations. You can declare additional users to be super-users by setting property dfs.permissions.superusergroup in hdfs-site.xml. The default value of this property is "supergroup".
<property>
<name>dfs.permissions.superusergroup</name>
<value>supergroup</value>
<description>The name of the group of super-users.</description>
</property>
Any user you add to group "supergroup" (or whatever custom group you use if you decided to change dfs.permissions.superusergroup) will be treated as an HDFS super-user.
It's important to keep in mind that this grants both full file system access and full administrative access. That means the user would be able to call sensitive operations like "hdfs dfsadmin -safemode enter". If this isn't appropriate, then you might explore using file system permissions and ACLs to implement your requirements on the file system only.
More details are in the documentation here:
http://hadoop.apache.org/docs/r2.7.0/hadoop-project-dist/hadoop-hdfs/HdfsPermissionsGuide.html
I hope this helps.
--Chris Nauroth
From: Pratik Gadiya <pr...@persistent.com>>
Reply-To: "user@hadoop.apache.org<ma...@hadoop.apache.org>" <us...@hadoop.apache.org>>
Date: Tuesday, July 7, 2015 at 9:38 AM
To: "user@hadoop.apache.org<ma...@hadoop.apache.org>" <us...@hadoop.apache.org>>
Subject: Grant privileges on / of hdfs file system
Hi,
Can anyone provide me steps to grant a particular user access equivalnent to that of "hdfs" user in hadoop.
The reason behind this is I want to have my custom user who can create anything on the entire hdfs file system (/)
I tried couple of links however, none of them were useful.
Is there any way by adding/modifying some property tags I can do that ?
With Regards,
Pratik
DISCLAIMER ========== This e-mail may contain privileged and confidential information which is the property of Persistent Systems Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Ltd. does not accept any liability for virus infected mails.
Re: Grant privileges on / of hdfs file system
Posted by Chris Nauroth <cn...@hortonworks.com>.
Hello Pratik,
The "hdfs" user (more specifically, whatever user launched the NameNode process) is the HDFS super-user. The super-user has full access to the file system and also administrative operations. You can declare additional users to be super-users by setting property dfs.permissions.superusergroup in hdfs-site.xml. The default value of this property is "supergroup".
<property>
<name>dfs.permissions.superusergroup</name>
<value>supergroup</value>
<description>The name of the group of super-users.</description>
</property>
Any user you add to group "supergroup" (or whatever custom group you use if you decided to change dfs.permissions.superusergroup) will be treated as an HDFS super-user.
It's important to keep in mind that this grants both full file system access and full administrative access. That means the user would be able to call sensitive operations like "hdfs dfsadmin -safemode enter". If this isn't appropriate, then you might explore using file system permissions and ACLs to implement your requirements on the file system only.
More details are in the documentation here:
http://hadoop.apache.org/docs/r2.7.0/hadoop-project-dist/hadoop-hdfs/HdfsPermissionsGuide.html
I hope this helps.
--Chris Nauroth
From: Pratik Gadiya <pr...@persistent.com>>
Reply-To: "user@hadoop.apache.org<ma...@hadoop.apache.org>" <us...@hadoop.apache.org>>
Date: Tuesday, July 7, 2015 at 9:38 AM
To: "user@hadoop.apache.org<ma...@hadoop.apache.org>" <us...@hadoop.apache.org>>
Subject: Grant privileges on / of hdfs file system
Hi,
Can anyone provide me steps to grant a particular user access equivalnent to that of "hdfs" user in hadoop.
The reason behind this is I want to have my custom user who can create anything on the entire hdfs file system (/)
I tried couple of links however, none of them were useful.
Is there any way by adding/modifying some property tags I can do that ?
With Regards,
Pratik
DISCLAIMER ========== This e-mail may contain privileged and confidential information which is the property of Persistent Systems Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Ltd. does not accept any liability for virus infected mails.
Re: Grant privileges on / of hdfs file system
Posted by Chris Nauroth <cn...@hortonworks.com>.
Hello Pratik,
The "hdfs" user (more specifically, whatever user launched the NameNode process) is the HDFS super-user. The super-user has full access to the file system and also administrative operations. You can declare additional users to be super-users by setting property dfs.permissions.superusergroup in hdfs-site.xml. The default value of this property is "supergroup".
<property>
<name>dfs.permissions.superusergroup</name>
<value>supergroup</value>
<description>The name of the group of super-users.</description>
</property>
Any user you add to group "supergroup" (or whatever custom group you use if you decided to change dfs.permissions.superusergroup) will be treated as an HDFS super-user.
It's important to keep in mind that this grants both full file system access and full administrative access. That means the user would be able to call sensitive operations like "hdfs dfsadmin -safemode enter". If this isn't appropriate, then you might explore using file system permissions and ACLs to implement your requirements on the file system only.
More details are in the documentation here:
http://hadoop.apache.org/docs/r2.7.0/hadoop-project-dist/hadoop-hdfs/HdfsPermissionsGuide.html
I hope this helps.
--Chris Nauroth
From: Pratik Gadiya <pr...@persistent.com>>
Reply-To: "user@hadoop.apache.org<ma...@hadoop.apache.org>" <us...@hadoop.apache.org>>
Date: Tuesday, July 7, 2015 at 9:38 AM
To: "user@hadoop.apache.org<ma...@hadoop.apache.org>" <us...@hadoop.apache.org>>
Subject: Grant privileges on / of hdfs file system
Hi,
Can anyone provide me steps to grant a particular user access equivalnent to that of "hdfs" user in hadoop.
The reason behind this is I want to have my custom user who can create anything on the entire hdfs file system (/)
I tried couple of links however, none of them were useful.
Is there any way by adding/modifying some property tags I can do that ?
With Regards,
Pratik
DISCLAIMER ========== This e-mail may contain privileged and confidential information which is the property of Persistent Systems Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Ltd. does not accept any liability for virus infected mails.
Re: Grant privileges on / of hdfs file system
Posted by Chris Nauroth <cn...@hortonworks.com>.
Hello Pratik,
The "hdfs" user (more specifically, whatever user launched the NameNode process) is the HDFS super-user. The super-user has full access to the file system and also administrative operations. You can declare additional users to be super-users by setting property dfs.permissions.superusergroup in hdfs-site.xml. The default value of this property is "supergroup".
<property>
<name>dfs.permissions.superusergroup</name>
<value>supergroup</value>
<description>The name of the group of super-users.</description>
</property>
Any user you add to group "supergroup" (or whatever custom group you use if you decided to change dfs.permissions.superusergroup) will be treated as an HDFS super-user.
It's important to keep in mind that this grants both full file system access and full administrative access. That means the user would be able to call sensitive operations like "hdfs dfsadmin -safemode enter". If this isn't appropriate, then you might explore using file system permissions and ACLs to implement your requirements on the file system only.
More details are in the documentation here:
http://hadoop.apache.org/docs/r2.7.0/hadoop-project-dist/hadoop-hdfs/HdfsPermissionsGuide.html
I hope this helps.
--Chris Nauroth
From: Pratik Gadiya <pr...@persistent.com>>
Reply-To: "user@hadoop.apache.org<ma...@hadoop.apache.org>" <us...@hadoop.apache.org>>
Date: Tuesday, July 7, 2015 at 9:38 AM
To: "user@hadoop.apache.org<ma...@hadoop.apache.org>" <us...@hadoop.apache.org>>
Subject: Grant privileges on / of hdfs file system
Hi,
Can anyone provide me steps to grant a particular user access equivalnent to that of "hdfs" user in hadoop.
The reason behind this is I want to have my custom user who can create anything on the entire hdfs file system (/)
I tried couple of links however, none of them were useful.
Is there any way by adding/modifying some property tags I can do that ?
With Regards,
Pratik
DISCLAIMER ========== This e-mail may contain privileged and confidential information which is the property of Persistent Systems Ltd. It is intended only for the use of the individual or entity to which it is addressed. If you are not the intended recipient, you are not authorized to read, retain, copy, print, distribute or use this message. If you have received this communication in error, please notify the sender and delete all copies of this message. Persistent Systems Ltd. does not accept any liability for virus infected mails.