Granting HDFS Users the Permission to Access HDFS Files
Configuring HDFS Directory Permission
The permission for some HDFS directories is 777 or 750 by default, which brings potential security risks. You are advised to modify the permission on the HDFS directories after the HDFS client is installed to enhance user security.
- Install the client. If the client has been installed, skip this step.
For example, the installation directory is /opt/client. You need to change it to the actual installation directory.
For details about how to download and install the cluster client, see Installing an MRS Cluster Client.
- Log in to the node where the client is installed as the client installation user.
- Go to the client installation directory, for example, /opt/client.
cd /opt/client
- Run the following command to configure environment variables:
source bigdata_env
- If Kerberos authentication is enabled for the cluster (in security mode), run the following command to authenticate the user. Skip this step for a cluster in normal mode.
kinit <component service user>
- If Kerberos authentication is disabled for the cluster (in normal mode) and the current login user is not omm, run the following command to authenticate the user:
export HADOOP_USER_NAME=omm
- Run the following command to change the permission on the /user directory:
In the following command, the permission is changed to 1777. The leading 1 sets the sticky bit, which means that only the owner or the user with the root permission can delete or rename the files and folders in the directory.
hdfs dfs -chmod 1777 /user
You are advised to harden the security for non-temporary directories to ensure system file security. For example:
- /user: 777
- /mr-history: 777
- /mr-history/tmp: 777
- /mr-history/done: 777
- /user/mapred: 755
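To check which directories still need the change described above, the following added example (not part of the original page or the MRS tooling) flags directories that are world-writable without the sticky bit. It assumes the standard `hdfs dfs -ls -d` listing format; the function names and the sample listing, including its /tmp entry, are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: flag HDFS directories that are world-writable but lack the sticky bit.
# Input: lines in the format printed by `hdfs dfs -ls -d <path>...`.

# audit_hdfs_perms: reads listing lines on stdin, prints one finding per risky directory.
# Limitation: the path is taken as the last field, so paths containing spaces are truncated.
audit_hdfs_perms() {
  awk '
    # Only directory entries: the permission string starts with "d".
    $1 ~ /^d/ {
      perm = $1
      sub(/\+$/, "", perm)            # a trailing "+" marks an ACL; drop it
      other_w = substr(perm, 9, 1)    # write bit for "other"
      other_x = substr(perm, 10, 1)   # x, -, t (sticky with x) or T (sticky without x)
      if (other_w == "w" && other_x != "t" && other_x != "T")
        printf "WORLD_WRITABLE_NO_STICKY %s %s\n", perm, $NF
    }
  '
}

# Constructed sample listing (not taken from a real cluster).
sample_listing() {
  cat <<'EOF'
drwxrwxrwx   - hdfs   hadoop          0 2024-01-10 09:00 /user
drwxrwxrwt   - hdfs   hadoop          0 2024-01-10 09:00 /tmp
drwxrwxrwx   - mapred hadoop          0 2024-01-10 09:00 /mr-history
drwxr-xr-x   - mapred hadoop          0 2024-01-10 09:00 /user/mapred
-rw-rw-rw-   3 omm    hadoop       1024 2024-01-10 09:00 /user/example.txt
EOF
}

# Findings for the sample. On a client node, pipe real output instead:
#   hdfs dfs -ls -d /user /mr-history /mr-history/tmp /mr-history/done | audit_hdfs_perms
sample_findings() { sample_listing | audit_hdfs_perms; }

sample_findings
```

After running hdfs dfs -chmod 1777 on a flagged directory, its permission string ends in t and the directory no longer appears in the output.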
Setting Permissions on HDFS Files and Directories
HDFS allows users to modify the default permissions of files and directories. The default umask that HDFS applies when files and directories are created is 022. If you have special requirements for the default permissions, you can set configuration items to change them.
- Log in to FusionInsight Manager.
For details about how to log in to FusionInsight Manager, see Accessing MRS Manager.
- Choose Cluster > Services > HDFS > Configurations > All Configurations.
- Search for and modify parameters in Table 1 as required.
Table 1 Parameters

| Parameter | Description | Default Value |
| --- | --- | --- |
| fs.permissions.umask-mode | The umask value (user mask) that is used when a user creates files and directories in HDFS from a client. This parameter is similar to the file permission mask on Linux. The value can be in octal or symbolic notation, for example, 022 (octal, same as u=rwx,g=r-x,o=r-x in symbolic), or u=rwx,g=rwx,o= (symbolic, same as 007 in octal). The octal mask is the inverse of the actual permission value: it lists the bits that are removed. You are advised to use the symbolic notation to make the description clearer. | 022 |
- Click Save. Then, confirm the operation impact and click OK.
- Then, click Finish.
Check whether there is any instance whose configuration has expired in the cluster. If yes, restart the instance for the configuration to take effect.