[jira] [Comment Edited] (RANGER-482) HDFS plugin denies access even when policy exists to allow the access

Mon, 18 May 2015 12:02:45 -0700 

    [ 
https://issues.apache.org/jira/browse/RANGER-482?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14548514#comment-14548514
 ] 

Ramesh Mani edited comment on RANGER-482 at 5/18/15 7:01 PM:
-------------------------------------------------------------

[[email protected]]
I have now a policy for user "guest"  for resource /demo/data - rwx -recursive 
ON.

>sudo su guest
>hdfs dfs -ls /demo/data
ls: Permission denied: user=guest, access=EXECUTE, 
inode="/demo/data":hdfs:hdfs:drwx------  This is not right as we have the 
permission for it in ranger.

Also another scenario /demo/*  - rwx  for user "guest" 
> hdfs dfs -ls /demo.data
ls: Permission denied: user=guest, access=EXECUTE, 
inode="/demo/data":hdfs:hdfs:drwx------  This is not right either. Wildcard 
didn't work.



was (Author: rmani):
[[email protected]]
I have now a policy for guest  for resource /demo/data - rwx -recursive on.

>sudo su guest
>hdfs dfs -ls /demo/data
ls: Permission denied: user=guest, access=EXECUTE, 
inode="/demo/data":hdfs:hdfs:drwx------  This is not right as we have the 
permission for it in ranger.

Also another scenario /demo/*  - rwx  for user "guest" 
> hdfs dfs -ls /demo.data
ls: Permission denied: user=guest, access=EXECUTE, 
inode="/demo/data":hdfs:hdfs:drwx------  This is not right either. Wildcard 
didn't work.


> HDFS plugin denies access even when policy exists to allow the access
> ---------------------------------------------------------------------
>
>                 Key: RANGER-482
>                 URL: https://issues.apache.org/jira/browse/RANGER-482
>             Project: Ranger
>          Issue Type: Bug
>          Components: plugins
>    Affects Versions: 0.5.0
>            Reporter: Madhan Neethiraj
>            Assignee: Madhan Neethiraj
>             Fix For: 0.5.0
>
>         Attachments: 
> 0001-RANGER-482-HDFS-plugin-updated-to-check-for-traverse.patch
>
>
> Here are the steps to reproduce this issue (thanks [~rmani]):
> - sudo su hdfs
> - hdfs dfs -mkdir -p /demo/data
> - hdfs dfs -chmod 700 /demo
> - hdfs dfs -chmod 700 /demo/data
> - Create a Ranger policy that allows rwx access on /demo directory to user 
> “guest”, with recursive enabled.
> - sudo su guest
> - hdfs dfs  -ls /demo (this works )
> - hdfs  dfs –ls /demo/data (this fails with the following error)
> ls: Permission denied: user=guest, access=EXECUTE, 
> inode="/demo/data":hdfs:hdfs:drwx------
> Since a Ranger policy exists to allow 'rwx' access to user 'guest' on files 
> and directories under /demo, the user should be allowed to "ls /demo/data".



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to