hadoop-common-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Bockelman <bbock...@cse.unl.edu>
Subject Re: Non-root user blocks root on DFS?
Date Mon, 17 Aug 2009 15:12:45 GMT
Hey Stas,

IIRC, the user with "special privileges" in Hadoop is the superuser.   
By default, the superuser is the user who runs the Hadoop Namenode.

So, if the user "hadoop" runs the Hadoop Namenode, then "hadoop" is  
the superuser who has the permissions normally given to root in Unix.   
I don't remember if there is a way to set the superuser manually.

Am I correct in guessing that the namenode is running as non-root?

Brian

On Aug 17, 2009, at 9:37 AM, Stas Oskin wrote:

> Hi.
>
> I have a directory created by the root user with the 777 permissions.
>
> When an application running under non-root user (called dev1)  
> createded
> sub-directories in this directory, it made some directories with  
> 777, and
> some with 755. This causes the app launched under root user not  
> being able
> to erase files from these directories, and throwing the following
> exceptions:
>
> org.apache.hadoop.fs.permission.AccessControlException:
> org.apache.hadoop.fs.permission.AccessControlException: Permission  
> denied:
> user=root, access=WRITE, inode="snapshots":dev1:supergroup:rwxr-xr-x
> at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native  
> Method)
> at
> sun 
> .reflect 
> .NativeConstructorAccessorImpl 
> .newInstance(NativeConstructorAccessorImpl.java:39)
> at
> sun 
> .reflect 
> .DelegatingConstructorAccessorImpl 
> .newInstance(DelegatingConstructorAccessorImpl.java:27)
> at java.lang.reflect.Constructor.newInstance(Constructor.java:513)
> at
> org 
> .apache 
> .hadoop 
> .ipc.RemoteException.instantiateException(RemoteException.java:90)
> at
> org 
> .apache 
> .hadoop 
> .ipc.RemoteException.unwrapRemoteException(RemoteException.java:52)
> at org.apache.hadoop.dfs.DFSClient.delete(DFSClient.java:530)
> at
> org 
> .apache 
> .hadoop.dfs.DistributedFileSystem.delete(DistributedFileSystem.java: 
> 210)
> at org.util.FileUtils.deleteFile(FileUtils.java:365)
> Caused by: org.apache.hadoop.ipc.RemoteException:
> org.apache.hadoop.fs.permission.AccessControlException: Permission  
> denied:
> user=root, access=WRITE, inode="snapshots":dev1:supergroup:rwxr-xr-x  
> at
> org.apache.hadoop.dfs.PermissionChecker.check(PermissionChecker.java: 
> 175)
> at  
> org.apache.hadoop.dfs.PermissionChecker.check(PermissionChecker.java: 
> 156)
> at
> org 
> .apache 
> .hadoop.dfs.PermissionChecker.checkPermission(PermissionChecker.java: 
> 107)
> at
> org.apache.hadoop.dfs.FSNamesystem.checkPermission(FSNamesystem.java: 
> 4238)
> at
> org.apache.hadoop.dfs.FSNamesystem.deleteInternal(FSNamesystem.java: 
> 1527)
> at org.apache.hadoop.dfs.FSNamesystem.delete(FSNamesystem.java:1497)
> at org.apache.hadoop.dfs.NameNode.delete(NameNode.java:425)
> at sun.reflect.GeneratedMethodAccessor7.invoke(Unknown Source)
> at
> sun 
> .reflect 
> .DelegatingMethodAccessorImpl 
> .invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.hadoop.ipc.RPC$Server.call(RPC.java:481)
> at org.apache.hadoop.ipc.Server$Handler.run(Server.java:890)
>
> at org.apache.hadoop.ipc.Client.call(Client.java:716)
> at org.apache.hadoop.ipc.RPC$Invoker.invoke(RPC.java:216)
> at org.apache.hadoop.dfs.$Proxy17.delete(Unknown Source)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at
> sun 
> .reflect 
> .NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at
> sun 
> .reflect 
> .DelegatingMethodAccessorImpl 
> .invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at
> org 
> .apache 
> .hadoop 
> .io 
> .retry 
> .RetryInvocationHandler.invokeMethod(RetryInvocationHandler.java:82)
> at
> org 
> .apache 
> .hadoop 
> .io.retry.RetryInvocationHandler.invoke(RetryInvocationHandler.java: 
> 59)
> at org.apache.hadoop.dfs.$Proxy17.delete(Unknown Source)
> at org.apache.hadoop.dfs.DFSClient.delete(DFSClient.java:528)
> ... 5 more
>
>
>
> This brings the following questions:
>
> 1) Is the root user considered same level as non-root user in DFS?
> 2) Any idea why the dev1 created some directories with 777, and some  
> with
> 755, even that their root directory was 777?
>
> There is no any particular code in the application, which may set the
> directory permissions.
>
> Thanks for any idea.


Mime
View raw message