Granting HDFS Users the Permission to Access HDFS Files

Configuring HDFS Directory Permission

The permission for some HDFS directories is 777 or 750 by default, which brings potential security risks. You are advised to modify the permission for the HDFS directories after the HDFS is installed to increase user security.

Log in to the HDFS client as the administrator and run the following command to modify the permission for the /user directory.

The permission is set to 1777, that is, 1 is added to the original permission. This indicates that only the user who creates the directory can delete it.

hdfs dfs -chmod 1777 /user

To ensure security of the system file, you are advised to harden the security for non-temporary directories. The following directories are examples:

/user:777
/mr-history:777
/mr-history/tmp:777
/mr-history/done:777
/user/mapred:755

Setting Permissions on HDFS Files and Directories

HDFS allows users to modify the default permissions of files and directories. The default mask provided by the HDFS for creating file and directory permissions is 022. If you have special requirements for the default permissions, you can set configuration items to change the default permissions.

Navigation path for setting parameters:

Go to the All Configurations page of HDFS and enter a parameter name in the search box by referring to Modifying Cluster Service Configuration Parameters.

**Table 1** Parameters
Parameter	Description	Default Value
fs.permissions.umask-mode	This umask value (user mask) is used when the user creates files and directories in the HDFS on the clients. This parameter is similar to the file permission mask on Linux. The parameter value can be in octal or in symbolic, for example, 022 (octal, same as u=rwx,g=r-x,o=r-x in symbolic), or u=rwx,g=rwx,o= (symbolic, same as 007 in octal). NOTE: The octal mask is opposite to the actual permission value. You are advised to use the symbol notation to make the description clearer.	022