You are viewing a plain text version of this content. The canonical link for it is here.
Posted to mapreduce-user@hadoop.apache.org by "Gangavarapu, Venkata" <Ve...@bcbsa.com> on 2015/07/28 05:18:01 UTC
Restric hdfs user access - security.client.protocol.acl
Hi,
I am tryin to restrict hdfs user access to read/modify hdfs file system. As oart of that I have set below values.
security.client.protocol.acl: yarn,mapred hdpdhdfs
dfs.cluster.administrators : hdpdadmngrp
hdpdhdfsgrp: user1, admin
hdpdadmngrp: hdfs, admin
>From the above settings, I want to achieve my goal of restricting hdfs user access to file system but want hdfs user to perform admin actions such as hdfs dfs dfsadmin/hdadmin.
But I am seeing below error when I try to run hdfs dfsadmin -safemode get
[hdfs@nn ~]$ hdfs dfsadmin -safemode get
safemode: User hdfs@EXAMPLE.COM (auth:KERBEROS) is not authorized for protocol interface org.apache.hadoop.hdfs.protocol.ClientProtocol, expected client Kerberos principal is null
If I include hdfs user under security.client.protocol.acl the error is gone but hdfs user can read/write to hdfs file system.
Please help me out with how to restrict hdfs user access to file system still can perform administrative actions.
Thanks,
Venkat
RE: Restric hdfs user access - security.client.protocol.acl
Posted by "Gangavarapu, Venkata" <Ve...@bcbsa.com>.
Hi folks,
Any suggestion for my below issue?
Thanks,
Venkat
From: Gangavarapu, Venkata
Sent: Monday, July 27, 2015 10:18 PM
To: user@hadoop.apache.org
Subject: Restric hdfs user access - security.client.protocol.acl
Hi,
I am tryin to restrict hdfs user access to read/modify hdfs file system. As oart of that I have set below values.
security.client.protocol.acl: yarn,mapred hdpdhdfs
dfs.cluster.administrators : hdpdadmngrp
hdpdhdfsgrp: user1, admin
hdpdadmngrp: hdfs, admin
>From the above settings, I want to achieve my goal of restricting hdfs user access to file system but want hdfs user to perform admin actions such as hdfs dfs dfsadmin/hdadmin.
But I am seeing below error when I try to run hdfs dfsadmin -safemode get
[hdfs@nn ~]$ hdfs dfsadmin -safemode get
safemode: User hdfs@EXAMPLE.COM<ma...@EXAMPLE.COM> (auth:KERBEROS) is not authorized for protocol interface org.apache.hadoop.hdfs.protocol.ClientProtocol, expected client Kerberos principal is null
If I include hdfs user under security.client.protocol.acl the error is gone but hdfs user can read/write to hdfs file system.
Please help me out with how to restrict hdfs user access to file system still can perform administrative actions.
Thanks,
Venkat
RE: Restric hdfs user access - security.client.protocol.acl
Posted by "Gangavarapu, Venkata" <Ve...@bcbsa.com>.
Hi folks,
Any suggestion for my below issue?
Thanks,
Venkat
From: Gangavarapu, Venkata
Sent: Monday, July 27, 2015 10:18 PM
To: user@hadoop.apache.org
Subject: Restric hdfs user access - security.client.protocol.acl
Hi,
I am tryin to restrict hdfs user access to read/modify hdfs file system. As oart of that I have set below values.
security.client.protocol.acl: yarn,mapred hdpdhdfs
dfs.cluster.administrators : hdpdadmngrp
hdpdhdfsgrp: user1, admin
hdpdadmngrp: hdfs, admin
>From the above settings, I want to achieve my goal of restricting hdfs user access to file system but want hdfs user to perform admin actions such as hdfs dfs dfsadmin/hdadmin.
But I am seeing below error when I try to run hdfs dfsadmin -safemode get
[hdfs@nn ~]$ hdfs dfsadmin -safemode get
safemode: User hdfs@EXAMPLE.COM<ma...@EXAMPLE.COM> (auth:KERBEROS) is not authorized for protocol interface org.apache.hadoop.hdfs.protocol.ClientProtocol, expected client Kerberos principal is null
If I include hdfs user under security.client.protocol.acl the error is gone but hdfs user can read/write to hdfs file system.
Please help me out with how to restrict hdfs user access to file system still can perform administrative actions.
Thanks,
Venkat
RE: Restric hdfs user access - security.client.protocol.acl
Posted by "Gangavarapu, Venkata" <Ve...@bcbsa.com>.
Hi folks,
Any suggestion for my below issue?
Thanks,
Venkat
From: Gangavarapu, Venkata
Sent: Monday, July 27, 2015 10:18 PM
To: user@hadoop.apache.org
Subject: Restric hdfs user access - security.client.protocol.acl
Hi,
I am tryin to restrict hdfs user access to read/modify hdfs file system. As oart of that I have set below values.
security.client.protocol.acl: yarn,mapred hdpdhdfs
dfs.cluster.administrators : hdpdadmngrp
hdpdhdfsgrp: user1, admin
hdpdadmngrp: hdfs, admin
>From the above settings, I want to achieve my goal of restricting hdfs user access to file system but want hdfs user to perform admin actions such as hdfs dfs dfsadmin/hdadmin.
But I am seeing below error when I try to run hdfs dfsadmin -safemode get
[hdfs@nn ~]$ hdfs dfsadmin -safemode get
safemode: User hdfs@EXAMPLE.COM<ma...@EXAMPLE.COM> (auth:KERBEROS) is not authorized for protocol interface org.apache.hadoop.hdfs.protocol.ClientProtocol, expected client Kerberos principal is null
If I include hdfs user under security.client.protocol.acl the error is gone but hdfs user can read/write to hdfs file system.
Please help me out with how to restrict hdfs user access to file system still can perform administrative actions.
Thanks,
Venkat
RE: Restric hdfs user access - security.client.protocol.acl
Posted by "Gangavarapu, Venkata" <Ve...@bcbsa.com>.
Hi folks,
Any suggestion for my below issue?
Thanks,
Venkat
From: Gangavarapu, Venkata
Sent: Monday, July 27, 2015 10:18 PM
To: user@hadoop.apache.org
Subject: Restric hdfs user access - security.client.protocol.acl
Hi,
I am tryin to restrict hdfs user access to read/modify hdfs file system. As oart of that I have set below values.
security.client.protocol.acl: yarn,mapred hdpdhdfs
dfs.cluster.administrators : hdpdadmngrp
hdpdhdfsgrp: user1, admin
hdpdadmngrp: hdfs, admin
>From the above settings, I want to achieve my goal of restricting hdfs user access to file system but want hdfs user to perform admin actions such as hdfs dfs dfsadmin/hdadmin.
But I am seeing below error when I try to run hdfs dfsadmin -safemode get
[hdfs@nn ~]$ hdfs dfsadmin -safemode get
safemode: User hdfs@EXAMPLE.COM<ma...@EXAMPLE.COM> (auth:KERBEROS) is not authorized for protocol interface org.apache.hadoop.hdfs.protocol.ClientProtocol, expected client Kerberos principal is null
If I include hdfs user under security.client.protocol.acl the error is gone but hdfs user can read/write to hdfs file system.
Please help me out with how to restrict hdfs user access to file system still can perform administrative actions.
Thanks,
Venkat