hadoop-hdfs-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Gangavarapu, Venkata" <Venkata.Gangavar...@bcbsa.com>
Subject Restric hdfs user access - security.client.protocol.acl
Date Tue, 28 Jul 2015 03:18:01 GMT

I am tryin to restrict hdfs user access to read/modify hdfs file system. As oart of that I
have set below values.

security.client.protocol.acl: yarn,mapred hdpdhdfs
dfs.cluster.administrators : hdpdadmngrp

hdpdhdfsgrp: user1, admin
hdpdadmngrp: hdfs, admin

>From the above settings, I want to achieve my goal of restricting hdfs user access to
file system but want hdfs user to perform admin actions such as hdfs dfs dfsadmin/hdadmin.

But I am seeing below error when I try to run hdfs dfsadmin -safemode get

[hdfs@nn ~]$ hdfs dfsadmin -safemode get
safemode: User hdfs@EXAMPLE.COM (auth:KERBEROS) is not authorized for protocol interface org.apache.hadoop.hdfs.protocol.ClientProtocol,
expected client Kerberos principal is null

If I include hdfs user under security.client.protocol.acl the error is gone but hdfs user
can read/write to hdfs file system.

Please help me out with how to restrict hdfs user access to file system still can perform
administrative actions.


View raw message