ACLs implementation:
Access Control Lists (ACLs) are applied to data to restrict access to approved users.
Configuring ACLs on HDFS:
The property <dfs.namenode.acls.enabled> has to be enabled in the HDFS configuration.
Steps to check if the property is enabled:
Cloudera Manager >> HDFS >> Configuration
Search for <dfs.namenode.acls.enabled>.
If the box is not checked, then the property is not enabled in HDFS and has to be enabled. In this case, all services have to be restarted.
Example 1: Granting full access to a user <hadoop> on /user/hdfs
1. Become the hdfs principal using the hdfs keytab.
2. A user “bruce” has to get full access to an HDFS directory.
hadoop fs -setfacl -R -m user:hadoop:rwx /full-path
Example 2: Granting full access to a group <test-ops> on /user/hdfs/
1. Become the hdfs principal using the hdfs keytab.
2. A group “test-ops” has to get full access to an HDFS directory.
hadoop fs -setfacl -R -m group:test-ops:rwx /user/hdfs/
Example 3: Granting read access to a user <hadoop> on the path /user/hdfs/
hadoop fs -setfacl -R -m user:hadoop:r-x /user/hdfs/file
Example 4: Removing the ACL entry of user <hadoop> for /user/hdfs/
hadoop fs -setfacl -R -x user:hadoop /user/hdfs/
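Checking the result of the setfacl commands above (an added example, not part of the original post): a named user or group entry is only effective up to the ACL mask, so the access actually granted can be narrower than the entry that was set. The helper name acl_effective and the sample getfacl output are constructed for illustration.

```shell
# Constructed sample of `hadoop fs -getfacl /user/hdfs` output (not from a real cluster).
# The mask here is narrower than the named entries.
SAMPLE_ACL='# file: /user/hdfs
# owner: hdfs
# group: hdfs
user::rwx
user:hadoop:rwx
group::r-x
group:test-ops:rwx
mask::r-x
other::---'

# acl_effective TYPE NAME (hypothetical helper): read getfacl output on stdin
# and print the effective permissions of the named entry (entry AND mask),
# or "none" when the entry is absent, e.g. after `-setfacl -x`.
# Usage on a cluster: hadoop fs -getfacl /user/hdfs | acl_effective user hadoop
acl_effective() {
  awk -F: -v t="$1" -v n="$2" '
    /^#/ || NF < 3 { next }               # skip header comments and blank lines
    { sub(/[ \t]*#.*/, "", $3) }          # drop a trailing "#effective:..." note
    $1 == "mask"       { mask = $3 }
    $1 == t && $2 == n { perm = $3 }      # default: entries have $1 == "default"
    END {
      if (perm == "") { print "none"; exit }
      if (mask == "") mask = "rwx"        # no mask line present: nothing to filter
      out = ""
      for (i = 1; i <= 3; i++) {
        p = substr(perm, i, 1); m = substr(mask, i, 1)
        out = out ((p != "-" && m != "-") ? p : "-")
      }
      print out
    }'
}

printf '%s\n' "$SAMPLE_ACL" | acl_effective user hadoop
```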