A User Without the Permission on the /tmp Directory Failed to Execute a Job for Accessing OBS

Symptom

When multiple MRS users access OBS and execute Spark, Hive, and Presto jobs, an error message is displayed, indicating that a user does not have the permission to access the /tmp directory.

Cause Analysis

A temporary directory exists during job execution. The user who submits the job does not have the operation permission on the temporary directory.

Procedure

1. On the Dashboard tab page of the cluster, query and record the name of the agency bound to the cluster.
2. Log in to the IAM console.
3. Choose Permissions. On the displayed page, click Create Custom Policy.
   • Policy Name: Enter a policy name.
   • Scope: Select Global services.
   • Policy View: Select Visual editor.
   • Policy Content:
     1. Allow: Select Allow.
     2. Select service: Select Object Storage Service (OBS).
     3. Select action: Select WriteOnly, ReadOnly, and ListOnly.
     4. Specific resources:
        1. Set object to Specify resource path, click Add resource path, and enter obs_bucket_name/tmp/ and obs_bucket_name/tmp/* in Path. The /tmp directory is used as an example. If you need to add permissions for other directories, perform the following steps to add the directories and resource paths of all objects in the directories.
        2. Set bucket to Specify resource path, click Add resource path, and enter obs_bucket_name in Path.

        Replace obs_bucket-name with the actual OBS bucket name. If the bucket type is Parallel File System, you need to add the obs_bucket_name/tmp/ path. If the bucket type is Object Storage, you do not need to add the path.

     5. (Optional) Request condition, which does not need to be added currently.
   Figure 1 Custom policy
   

4. Click OK.
5. Select Agency and click Assign Permissions in the Operation column of the agency queried in 1.
6. Query and select the created policy in 3.
7. Click OK.