You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user-zh@hadoop.apache.org by igyu <ig...@21cn.com> on 2021/09/15 01:26:00 UTC
关于权限问题
我的hadoop启用了kerberos 并与ldap集成
我用kinit 切到jztwk上去创建了一个目录 /user/jztwk
然后我用kinit 切到testldap上去删除/user/jztwk 竟然删除成功了。这个不是应该提示权限不对吗
drwxr-xr-x - jztwk supergroup 0 2021-09-14 17:46 /user/jztwk
drwxr-xr-x - zeppelin supergroup 0 2021-04-12 16:33 /user/zeppelin
drwxr-xr-x - read_hive read_hive 0 2021-05-19 15:20 /user/read_hive
然而我去删除/user/read_hive , /user/zeppelin都提示权限不足
jzyc@bigdser4:/hadoop/app$ hadoop fs -rm -r /user/zeppelin
rm: Failed to move to trash: hdfs://nameservice1/user/zeppelin: Permission denied: user=testldap, access=ALL, inode="/user/zeppelin":zeppelin:supergroup:drwxr-xr-x
jzyc@bigdser4:/hadoop/app$ hadoop fs -rm -r /user/read_hive
rm: Failed to move to trash: hdfs://nameservice1/user/read_hive: Permission denied: user=testldap, access=ALL, inode="/user/read_hive":read_hive:read_hive:drwxr-xr-x
jzyc@bigdser4:/hadoop/app$ id testldap
uid=90001(testldap) gid=90001(testldap) groups=90001(testldap)
jzyc@bigdser4:/hadoop/app$ hdfs groups testldap
testldap : testldap
testldap也不在超级用户组里啊,jztwk才是超级用户组。所以我不明白是怎么回事了
igyu
Re: Re: 关于权限问题
Posted by igyu <ig...@21cn.com>.
CDH 6.3.2
我使用了sentry
igyu
发件人: Xieming Li
发送时间: 2021-09-15 11:09
收件人: user-zh
主题: Re: 关于权限问题
是不是使用了Ranger Plugin呢?
On Wed, Sep 15, 2021 at 10:26 igyu <ig...@21cn.com> wrote:
>
> 我的hadoop启用了kerberos 并与ldap集成
>
> 我用kinit 切到jztwk上去创建了一个目录 /user/jztwk
> 然后我用kinit 切到testldap上去删除/user/jztwk 竟然删除成功了。这个不是应该提示权限不对吗
>
> drwxr-xr-x - jztwk supergroup 0 2021-09-14 17:46 /user/jztwk
> drwxr-xr-x - zeppelin supergroup 0 2021-04-12 16:33
> /user/zeppelin
> drwxr-xr-x - read_hive read_hive 0 2021-05-19 15:20
> /user/read_hive
>
> 然而我去删除/user/read_hive , /user/zeppelin都提示权限不足
>
> jzyc@bigdser4:/hadoop/app$ hadoop fs -rm -r /user/zeppelin
> rm: Failed to move to trash: hdfs://nameservice1/user/zeppelin: Permission
> denied: user=testldap, access=ALL,
> inode="/user/zeppelin":zeppelin:supergroup:drwxr-xr-x
> jzyc@bigdser4:/hadoop/app$ hadoop fs -rm -r /user/read_hive
> rm: Failed to move to trash: hdfs://nameservice1/user/read_hive:
> Permission denied: user=testldap, access=ALL,
> inode="/user/read_hive":read_hive:read_hive:drwxr-xr-x
>
> jzyc@bigdser4:/hadoop/app$ id testldap
> uid=90001(testldap) gid=90001(testldap) groups=90001(testldap)
> jzyc@bigdser4:/hadoop/app$ hdfs groups testldap
> testldap : testldap
>
> testldap也不在超级用户组里啊,jztwk才是超级用户组。所以我不明白是怎么回事了
>
>
> igyu
>
Re: 关于权限问题
Posted by Xieming Li <ri...@gmail.com>.
是不是使用了Ranger Plugin呢?
On Wed, Sep 15, 2021 at 10:26 igyu <ig...@21cn.com> wrote:
>
> 我的hadoop启用了kerberos 并与ldap集成
>
> 我用kinit 切到jztwk上去创建了一个目录 /user/jztwk
> 然后我用kinit 切到testldap上去删除/user/jztwk 竟然删除成功了。这个不是应该提示权限不对吗
>
> drwxr-xr-x - jztwk supergroup 0 2021-09-14 17:46 /user/jztwk
> drwxr-xr-x - zeppelin supergroup 0 2021-04-12 16:33
> /user/zeppelin
> drwxr-xr-x - read_hive read_hive 0 2021-05-19 15:20
> /user/read_hive
>
> 然而我去删除/user/read_hive , /user/zeppelin都提示权限不足
>
> jzyc@bigdser4:/hadoop/app$ hadoop fs -rm -r /user/zeppelin
> rm: Failed to move to trash: hdfs://nameservice1/user/zeppelin: Permission
> denied: user=testldap, access=ALL,
> inode="/user/zeppelin":zeppelin:supergroup:drwxr-xr-x
> jzyc@bigdser4:/hadoop/app$ hadoop fs -rm -r /user/read_hive
> rm: Failed to move to trash: hdfs://nameservice1/user/read_hive:
> Permission denied: user=testldap, access=ALL,
> inode="/user/read_hive":read_hive:read_hive:drwxr-xr-x
>
> jzyc@bigdser4:/hadoop/app$ id testldap
> uid=90001(testldap) gid=90001(testldap) groups=90001(testldap)
> jzyc@bigdser4:/hadoop/app$ hdfs groups testldap
> testldap : testldap
>
> testldap也不在超级用户组里啊,jztwk才是超级用户组。所以我不明白是怎么回事了
>
>
> igyu
>