Friday 6 April 2018

Hadoop Security: HDFS ACLs

ACLs implementation:

Access Control Lists (ACLs) are typically applied to data to restrict access to approved users.

Configuring ACLs on HDFS:

<dfs.namenode.acls.enabled> has to be enabled in the HDFS configuration.

Steps to check if the property is enabled:

Cloudera Manager >> HDFS >> Configuration

Search for <dfs.namenode.acls.enabled>.

If it is not checked, then the property is not enabled in HDFS. In that case, we have to enable the property, and all services have to be restarted.


Example 1: Granting full access to a user <hadoop> on /user/hdfs

1. Become the hdfs principal using the hdfs keytab
2. A user “bruce” has to get full access to an HDFS directory.

hadoop fs -setfacl -R -m user:hadoop:rwx /full-path 

Example 2: Granting full access to a group <test-ops> on /user/hdfs/

1. Become the hdfs principal using the hdfs keytab
2. A group “test-ops” has to get full access to an HDFS directory.

hadoop fs -setfacl -R -m group:test-ops:rwx /user/hdfs/

Example 3: Granting read access to a user <hadoop> to path /user/hdfs/

hadoop fs -setfacl -R -m user:hadoop:r-x /user/hdfs/file

Example 4: Removing the ACL entry of user <hadoop> for /user/hdfs/

hadoop fs -setfacl -R -x user:hadoop /user/hdfs/
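
To verify what the setfacl commands above actually grant, the following added example (not code from the original post) parses `hadoop fs -getfacl` output and prints the effective permissions of each named user and group entry after the ACL mask is applied. The function names effective_acl and sample_getfacl are hypothetical, and the sample output is constructed.

```shell
#!/bin/sh
# Added example (not from the original post). effective_acl and
# sample_getfacl are hypothetical helper names.

# Read `hadoop fs -getfacl <path>` output on stdin and print
# "type:name:effective-perms" for each named user/group access entry.
# HDFS filters named entries through the mask entry, so it is applied here.
effective_acl() {
  awk '
    function apply_mask(p, m,   i, out) {
      out = ""
      for (i = 1; i <= 3; i++)
        out = out ((substr(m, i, 1) == "-") ? "-" : substr(p, i, 1))
      return out
    }
    /^#/ || /^default:/ || NF == 0 { next }  # skip headers, default ACL, blanks
    {
      split($1, f, ":")          # $1 ignores a trailing "#effective:..." note
      if (f[1] == "mask") { mask = f[3]; next }
      if ((f[1] == "user" || f[1] == "group") && f[2] != "") {
        n++; kind[n] = f[1]; name[n] = f[2]; perm[n] = f[3]
      }
    }
    END {
      for (i = 1; i <= n; i++)
        print kind[i] ":" name[i] ":" (mask == "" ? perm[i] : apply_mask(perm[i], mask))
    }'
}

# Constructed sample: the entries from Examples 1 and 2, with a mask that a
# later chmod 750 on the directory has narrowed to r-x.
sample_getfacl() {
  cat <<'EOF'
# file: /user/hdfs
# owner: hdfs
# group: supergroup
user::rwx
user:hadoop:rwx
group::r-x
group:test-ops:rwx
mask::r-x
other::---
EOF
}

sample_getfacl | effective_acl   # -> user:hadoop:r-x and group:test-ops:r-x
```

On a cluster, pipe the real command into the function instead of the sample: hadoop fs -getfacl /user/hdfs | effective_acl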

