hadoop-common-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Fan (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HADOOP-15138) CLONE - Executing the command 'hdfs -Dhadoop.security.credential.provider.path=file1.jceks,file2.jceks' fails if permission is denied to some files
Date Thu, 21 Dec 2017 08:27:00 GMT
Fan created HADOOP-15138:
----------------------------

             Summary: CLONE - Executing the command 'hdfs -Dhadoop.security.credential.provider.path=file1.jceks,file2.jceks'
fails if permission is denied to some files
                 Key: HADOOP-15138
                 URL: https://issues.apache.org/jira/browse/HADOOP-15138
             Project: Hadoop Common
          Issue Type: Improvement
          Components: fs/s3, hdfs-client, security
    Affects Versions: 2.8.0
            Reporter: Fan
            Priority: Critical


======= 
Request Use Case: 
UC1: 
The customer has the path to a directory and subdirectories full of keys. The customer knows
that he does not have the access to all the keys, but ignoring this problem, the customer
makes a list of the keys. 

UC1.2: 
The customer in a FIFO manner, try his access to the key provided on the list. If the access
is granted locally then he can try the login on the s3a. 

UC1.2: 
The customer in a FIFO manner, try his access to the key provided on the list. If the access
is not granted locally then he will skip the login on the s3a and try the next key on the
list. 
===========

For now, the UC1.2 fails with below exception and does not try the next key:
{code}
$ hdfs  --loglevel DEBUG dfs -Dhadoop.security.credential.provider.path=jceks://hdfs/tmp/aws.jceks,jceks://hdfs/tmp/awst.jceks
-ls s3a://av-dl-hwx-nprod-anhffpoc-enriched/hive/e_ceod/

Not retrying because try once and fail.
org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.AccessControlException):
Permission denied: user=502549376, access=READ, inode="/tmp/aws.jceks":admin:hdfs:-rwx------
{code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: common-dev-unsubscribe@hadoop.apache.org
For additional commands, e-mail: common-dev-help@hadoop.apache.org


Mime
View raw message