hadoop-common-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gangavarapu, Venkata" <Venkata.Gangavar...@bcbsa.com>
Subject RE: Restric hdfs user access - security.client.protocol.acl
Date Wed, 29 Jul 2015 14:50:38 GMT
Hi folks,

Any suggestion for my below issue?

Thanks,
Venkat

From: Gangavarapu, Venkata
Sent: Monday, July 27, 2015 10:18 PM
To: user@hadoop.apache.org
Subject: Restric hdfs user access - security.client.protocol.acl

Hi,

I am tryin to restrict hdfs user access to read/modify hdfs file system. As oart of that I
have set below values.

security.client.protocol.acl: yarn,mapred hdpdhdfs
dfs.cluster.administrators : hdpdadmngrp

hdpdhdfsgrp: user1, admin
hdpdadmngrp: hdfs, admin

>From the above settings, I want to achieve my goal of restricting hdfs user access to
file system but want hdfs user to perform admin actions such as hdfs dfs dfsadmin/hdadmin.

But I am seeing below error when I try to run hdfs dfsadmin -safemode get

[hdfs@nn ~]$ hdfs dfsadmin -safemode get
safemode: User hdfs@EXAMPLE.COM<mailto:hdfs@EXAMPLE.COM> (auth:KERBEROS) is not authorized
for protocol interface org.apache.hadoop.hdfs.protocol.ClientProtocol, expected client Kerberos
principal is null


If I include hdfs user under security.client.protocol.acl the error is gone but hdfs user
can read/write to hdfs file system.

Please help me out with how to restrict hdfs user access to file system still can perform
administrative actions.

Thanks,
Venkat

Mime
View raw message