hadoop-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Harsh J <ha...@cloudera.com>
Subject Re: Secure hadoop and group permission on HDFS
Date Tue, 09 Oct 2012 02:34:47 GMT
Koert,

If you use the org.apache.hadoop.security.ShellBasedUnixGroupsMapping
class (via hadoop.security.group.mapping), then yes the NameNode's
view of the local unix groups (and the primary group) of the user is
the final say on what groups the user belongs to. This can be relied
on - but note that HDFS uses BSD style semantics when it comes to
groups and when creating directories/files, the parent directory
groups are inherited automatically unless altered after creation.

On Tue, Oct 9, 2012 at 2:30 AM, Koert Kuipers <koert@tresata.com> wrote:
> With secure hadoop the user name is authenticated by the kerberos server.
> But what about the groups that the user is a member of? Are these simple the
> groups that the user is a member of on the namenode machine?
> Is it viable to manage access to files on HDFS using groups on a secure
> hadoop cluster?
>



-- 
Harsh J

Mime
View raw message