HDFS - ACL


1 - About

POSIX-style permissions and HDFS ACLs are one authorization method in HDFS.

By default, ACLs are disabled.

3 - ACL Management

3.1 - List

hdfs dfs -ls /
Found 24 items
drwxr-xr-x   - root             supergroup          0 2018-04-12 15:52 /HdiNotebooks
drwxr-xr-x   - root             supergroup          0 2018-04-12 15:54 /HdiSamples
drwxr-xr-x   - hdfs             supergroup          0 2018-04-12 15:42 /ams
drwxr-xr-x   - hdfs             supergroup          0 2018-04-12 15:42 /amshbase
drwxrwxrwx   - yarn             hadoop              0 2018-04-12 15:42 /app-logs
drwxr-xr-x   - hdfs             supergroup          0 2018-04-12 15:42 /apps
drwxr-xr-x   - yarn             hadoop              0 2018-04-12 15:42 /atshistory
drwxr-xr-x   - admininformatica supergroup          0 2018-04-12 17:22 /blaze
drwxr-xr-x   - root             supergroup          0 2018-04-12 15:54 /custom-scriptaction-logs
drwxrwxrwx   - admininformatica supergroup          0 2018-04-16 10:15 /dev
drwxr-xr-x   - root             supergroup          0 2018-04-12 15:54 /example
drwxr-xr-x   - hbase            supergroup          0 2018-04-12 15:42 /hbase
drwxr-xr-x   - hdfs             supergroup          0 2018-04-12 15:42 /hdp
drwxr-xr-x   - hdfs             supergroup          0 2018-04-25 12:08 /hive
drwxr-xr-x   - mapred           supergroup          0 2018-04-12 15:42 /mapred
drwx------   - admin            supergroup          0 2018-04-12 17:26 /mapreducestaging
drwxrwxrwx   - mapred           hadoop              0 2018-04-12 15:42 /mr-history
drwxr-xr-x   - admininformatica supergroup          0 2018-04-19 10:45 /spark
drwxr-xr-x   - sshuser          supergroup          0 2018-05-07 14:54 /stage
drwxr-xr-x   - sshuser          supergroup          0 2018-05-09 08:28 /stage_sqoop
drwxrwxrwx   - hdfs             supergroup          0 2018-04-18 07:04 /tmp
drwxr-xr-x   - hdfs             supergroup          0 2018-04-12 15:42 /user
drwxrwxrwx   - yarn             supergroup          0 2018-04-17 14:49 /var
drwxr-xr-x   - admin            supergroup          0 2018-04-13 01:05 /wasbprobec017ddc5-a901-43f8-97a1-d096c61fdeab

3.2 - Enable

dfs.namenode.acls.enabled - Set to true to enable support for HDFS ACLs (Access Control Lists). By default, ACLs are disabled. When ACLs are disabled, the NameNode rejects all RPCs related to setting or getting ACLs.

hdfs getconf -confKey dfs.namenode.acls.enabled
false

3.3 - Default

The default ACL for a newly created file or directory can be based on:

3.3.1 - umask

The fs.permissions.umask-mode parameter controls the default umask setting.

Example:

hdfs getconf -confKey fs.permissions.umask-mode
022

3.3.2 - Inherit from parent directory

dfs.namenode.posix.acl.inheritance.enabled - Set to true to enable POSIX-style ACL inheritance. When it is enabled and the create request comes from a compatible client, the NameNode will apply default ACLs from the parent directory to the create mode and ignore the client umask. If no default ACL is found, it will apply the client umask.
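
The interaction between the client umask and a parent's default ACL, as an added example (a simplified Python model written for this page, not Hadoop code). It assumes a compatible client; the sample default ACL, the user name bruce and the umask 077 are constructed values. With inheritance enabled the umask is ignored, so a permissive default ACL on a parent yields children that are more open than the umask alone would allow.

```python
# Simplified model (an assumption, not Hadoop source) of how a new child's
# access ACL is derived from the create mode, the client umask
# (fs.permissions.umask-mode) and the parent directory's default ACL.

# Constructed sample: default ACL of a hypothetical parent directory.
SAMPLE_DEFAULT_ACL = {"user::": 7, "user:bruce": 7, "group::": 5,
                      "mask::": 7, "other::": 5}

def rwx(bits):
    """Render a 3-bit permission value as an 'rwx' string."""
    return "".join(c if bits & m else "-" for c, m in (("r", 4), ("w", 2), ("x", 1)))

def new_child_acl(create_mode, umask, parent_default_acl, inheritance_enabled):
    """Return the new child's access ACL as {entry: 'rwx'}.

    create_mode is the mode before umask: 0o666 for files, 0o777 for directories.
    inheritance_enabled models dfs.namenode.posix.acl.inheritance.enabled.
    """
    if parent_default_acl is None:
        # No default ACL on the parent: the client umask always applies.
        mode = create_mode & ~umask
        return {"user::": rwx(mode >> 6 & 7), "group::": rwx(mode >> 3 & 7),
                "other::": rwx(mode & 7)}
    # Inheritance enabled: umask ignored. Disabled: the umask-reduced mode
    # is what filters the copied default ACL.
    mode = create_mode if inheritance_enabled else create_mode & ~umask
    filters = {"user::": mode >> 6 & 7, "mask::": mode >> 3 & 7, "other::": mode & 7}
    # Only owner, mask and other are filtered by the mode; named entries and
    # group:: are copied as-is and limited by the mask at access-check time.
    return {e: rwx(p & filters.get(e, 7)) for e, p in parent_default_acl.items()}

def effective(acl, entry):
    """Effective permission of a named or group entry after the mask."""
    return "".join(a if a == b else "-" for a, b in zip(acl[entry], acl["mask::"]))

if __name__ == "__main__":
    for enabled in (True, False):
        acl = new_child_acl(0o666, 0o077, SAMPLE_DEFAULT_ACL, enabled)
        print("inheritance enabled" if enabled else "inheritance disabled", acl,
              "effective user:bruce =", effective(acl, "user:bruce"))
```

When reviewing a cluster with inheritance enabled, audit the default ACLs on shared parent directories rather than relying on a restrictive umask.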
