HDFS - Permissions (Authorization)

> Database > (Apache) Hadoop > Hadoop Distributed File System (HDFS)

1 - About

Advertising

3 - Method

A user authorization is defined through one of the below method:

Permission are disabled by default.

4 - Management

4.1 - Enable

dfs.permissions.enabled If “true”, enable permission checking in HDFS. If “false”, permission checking is turned off, but all other behavior is unchanged. Switching from one parameter value to the other does not change the mode, owner or group of files or directories.

hdfs getconf -confKey dfs.permissions.enabled
false

4.2 - Admin

4.2.1 - Group

dfs.permissions.superusergroup The name of the group of super-users. The value should be a single group name.

hdfs getconf -confKey dfs.permissions.superusergroup
hdfs
Advertising

4.2.2 - Users

dfs.cluster.administrators ACL for the admins, this configuration is used to control which user can access the default servlets in the namenode, etc.

Value Syntax:

  • The value should be a comma separated list of users and groups.
[user1,user2,...userN] [group1,group2,...groupN]

where:

  • The user list comes first
  • The user and group list are separated by a space
  • Users and groups are optional
  • * grants access to all users and groups, e.g. *, * and * are all valid.

Example:

  • user1,user2 group1,group2.
  • user1, group1, , user1 group1, user1,user2 group1,group2 are all valid

5 - Documentation / Reference

Advertising