hadoop-mapreduce-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chris Nauroth <cnaur...@hortonworks.com>
Subject Re: Grant privileges on / of hdfs file system
Date Tue, 07 Jul 2015 18:03:45 GMT
Hello Pratik,

The "hdfs" user (more specifically, whatever user launched the NameNode process) is the HDFS
super-user.  The super-user has full access to the file system and also administrative operations.
 You can declare additional users to be super-users by setting property dfs.permissions.superusergroup
in hdfs-site.xml.  The default value of this property is "supergroup".

  <description>The name of the group of super-users.</description>

Any user you add to group "supergroup" (or whatever custom group you use if you decided to
change dfs.permissions.superusergroup) will be treated as an HDFS super-user.

It's important to keep in mind that this grants both full file system access and full administrative
access.  That means the user would be able to call sensitive operations like "hdfs dfsadmin
-safemode enter".  If this isn't appropriate, then you might explore using file system permissions
and ACLs to implement your requirements on the file system only.

More details are in the documentation here:


I hope this helps.

--Chris Nauroth

From: Pratik Gadiya <pratik_gadiya@persistent.com<mailto:pratik_gadiya@persistent.com>>
Reply-To: "user@hadoop.apache.org<mailto:user@hadoop.apache.org>" <user@hadoop.apache.org<mailto:user@hadoop.apache.org>>
Date: Tuesday, July 7, 2015 at 9:38 AM
To: "user@hadoop.apache.org<mailto:user@hadoop.apache.org>" <user@hadoop.apache.org<mailto:user@hadoop.apache.org>>
Subject: Grant privileges on / of hdfs file system


Can anyone provide me steps to grant a particular user access equivalnent to that of "hdfs"
user in hadoop.
The reason behind this is I want to have my custom user who can create anything on the entire
hdfs file system (/)
I tried couple of links however, none of them were useful.
Is there any way by adding/modifying some property tags I can do that ?

With Regards,

DISCLAIMER ========== This e-mail may contain privileged and confidential information which
is the property of Persistent Systems Ltd. It is intended only for the use of the individual
or entity to which it is addressed. If you are not the intended recipient, you are not authorized
to read, retain, copy, print, distribute or use this message. If you have received this communication
in error, please notify the sender and delete all copies of this message. Persistent Systems
Ltd. does not accept any liability for virus infected mails.

View raw message