hadoop-common-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Aaron Kimball" <aa...@cloudera.com>
Subject Re: Multiple user permissions
Date Fri, 19 Dec 2008 04:58:30 GMT
Jeff,

This refers to an access permission error inside of Hadoop itself.
It looks like you're trying to run the command as user "jallen". The
operation you're trying to perform is a write to the "/user" directory in
HDFS. (By running '-mkdir input', it's actually doing the equivalent of
"mkdir -p /user/jallen/input".) Since /user/jallen doesn't exist, it's
trying to make it.

The only problem is, the /user/ directory is owned by the "hadoop" user
account.
So you should do something like:
sudo -u hadoop bin/hadoop -mkdir /user/jallen
sudo -u hadoop bin/hadoop -chown jallen /user/jallen
# perform commands as jallen here.

This permissions system isn't foolproof (it populates a variable named
"hadoop.job.ugi" with the contents of `whoami` and `groups`, which you can
override in your config, making it an insecure access mechanism), but it
provides some basic multitenant assurances that you won't accidentally
clobber files owned by another user on your system.

- Aaron

On Thu, Dec 18, 2008 at 7:31 AM, Allen, Jeffrey <jallen@ll.mit.edu> wrote:

> Greetings
>
> I successfully installed a cloud w/ 4 computers logged in with my own
> account (jallen).  I want to expose the cloud to other users using a generic
> account.  So, after installing the SW and formatting the file system I went
> through and performed a chmod on the installation directory and the root of
> the hadoop file system so everyone would have read and write access.
>
> However when I run a command like: "bin/hadoop fs -mkdir input" from the
> generic account I get:
> mkdir: org.apache.hadoop.security.AccessControlException: Permission
> denied: user=hadoop, access=WRITE, inode="user":jallen:supergroup:rwxr-xr-x
>
> I was wondering if the problem may have been created when I changed the
> hadoop.tmp.dir attribute to be just /tmp/hadoop and not based on the user's
> name as is the default /tmp/hadoop-${user.name} but after removing that
> attribute in hadoop-site.xml, restarting and reformatting, I still get the
> same error.
>
> Any thoughts of what's getting accessed or how to solve this?
>
> Jeff
>
>
>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message