You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user-zh@hadoop.apache.org by igyu <ig...@21cn.com> on 2021/09/15 01:26:00 UTC

关于权限问题

我的hadoop启用了kerberos 并与ldap集成

我用kinit 切到jztwk上去创建了一个目录 /user/jztwk
然后我用kinit 切到testldap上去删除/user/jztwk 竟然删除成功了。这个不是应该提示权限不对吗

drwxr-xr-x   - jztwk     supergroup          0 2021-09-14 17:46 /user/jztwk
drwxr-xr-x   - zeppelin  supergroup          0 2021-04-12 16:33 /user/zeppelin
drwxr-xr-x   - read_hive read_hive           0 2021-05-19 15:20 /user/read_hive

然而我去删除/user/read_hive ,  /user/zeppelin都提示权限不足

jzyc@bigdser4:/hadoop/app$ hadoop fs -rm -r /user/zeppelin
rm: Failed to move to trash: hdfs://nameservice1/user/zeppelin: Permission denied: user=testldap, access=ALL, inode="/user/zeppelin":zeppelin:supergroup:drwxr-xr-x
jzyc@bigdser4:/hadoop/app$ hadoop fs -rm -r /user/read_hive
rm: Failed to move to trash: hdfs://nameservice1/user/read_hive: Permission denied: user=testldap, access=ALL, inode="/user/read_hive":read_hive:read_hive:drwxr-xr-x

jzyc@bigdser4:/hadoop/app$ id testldap
uid=90001(testldap) gid=90001(testldap) groups=90001(testldap)
jzyc@bigdser4:/hadoop/app$ hdfs groups testldap
testldap : testldap

testldap也不在超级用户组里啊，jztwk才是超级用户组。所以我不明白是怎么回事了


igyu

Re: Re: 关于权限问题

Posted by igyu <ig...@21cn.com>.

CDH 6.3.2
我使用了sentry



igyu
 
发件人： Xieming Li
发送时间： 2021-09-15 11:09
收件人： user-zh
主题： Re: 关于权限问题
是不是使用了Ranger Plugin呢？
 
On Wed, Sep 15, 2021 at 10:26 igyu <ig...@21cn.com> wrote:
 
>
> 我的hadoop启用了kerberos 并与ldap集成
>
> 我用kinit 切到jztwk上去创建了一个目录 /user/jztwk
> 然后我用kinit 切到testldap上去删除/user/jztwk 竟然删除成功了。这个不是应该提示权限不对吗
>
> drwxr-xr-x   - jztwk     supergroup          0 2021-09-14 17:46 /user/jztwk
> drwxr-xr-x   - zeppelin  supergroup          0 2021-04-12 16:33
> /user/zeppelin
> drwxr-xr-x   - read_hive read_hive           0 2021-05-19 15:20
> /user/read_hive
>
> 然而我去删除/user/read_hive ,  /user/zeppelin都提示权限不足
>
> jzyc@bigdser4:/hadoop/app$ hadoop fs -rm -r /user/zeppelin
> rm: Failed to move to trash: hdfs://nameservice1/user/zeppelin: Permission
> denied: user=testldap, access=ALL,
> inode="/user/zeppelin":zeppelin:supergroup:drwxr-xr-x
> jzyc@bigdser4:/hadoop/app$ hadoop fs -rm -r /user/read_hive
> rm: Failed to move to trash: hdfs://nameservice1/user/read_hive:
> Permission denied: user=testldap, access=ALL,
> inode="/user/read_hive":read_hive:read_hive:drwxr-xr-x
>
> jzyc@bigdser4:/hadoop/app$ id testldap
> uid=90001(testldap) gid=90001(testldap) groups=90001(testldap)
> jzyc@bigdser4:/hadoop/app$ hdfs groups testldap
> testldap : testldap
>
> testldap也不在超级用户组里啊，jztwk才是超级用户组。所以我不明白是怎么回事了
>
>
> igyu
>

Re: 关于权限问题

Posted by Xieming Li <ri...@gmail.com>.

是不是使用了Ranger Plugin呢？

On Wed, Sep 15, 2021 at 10:26 igyu <ig...@21cn.com> wrote:

>
> 我的hadoop启用了kerberos 并与ldap集成
>
> 我用kinit 切到jztwk上去创建了一个目录 /user/jztwk
> 然后我用kinit 切到testldap上去删除/user/jztwk 竟然删除成功了。这个不是应该提示权限不对吗
>
> drwxr-xr-x   - jztwk     supergroup          0 2021-09-14 17:46 /user/jztwk
> drwxr-xr-x   - zeppelin  supergroup          0 2021-04-12 16:33
> /user/zeppelin
> drwxr-xr-x   - read_hive read_hive           0 2021-05-19 15:20
> /user/read_hive
>
> 然而我去删除/user/read_hive ,  /user/zeppelin都提示权限不足
>
> jzyc@bigdser4:/hadoop/app$ hadoop fs -rm -r /user/zeppelin
> rm: Failed to move to trash: hdfs://nameservice1/user/zeppelin: Permission
> denied: user=testldap, access=ALL,
> inode="/user/zeppelin":zeppelin:supergroup:drwxr-xr-x
> jzyc@bigdser4:/hadoop/app$ hadoop fs -rm -r /user/read_hive
> rm: Failed to move to trash: hdfs://nameservice1/user/read_hive:
> Permission denied: user=testldap, access=ALL,
> inode="/user/read_hive":read_hive:read_hive:drwxr-xr-x
>
> jzyc@bigdser4:/hadoop/app$ id testldap
> uid=90001(testldap) gid=90001(testldap) groups=90001(testldap)
> jzyc@bigdser4:/hadoop/app$ hdfs groups testldap
> testldap : testldap
>
> testldap也不在超级用户组里啊，jztwk才是超级用户组。所以我不明白是怎么回事了
>
>
> igyu
>