Hi folks,

Any suggestion for my below issue?

Thanks,
Venkat

From: Gangavarapu, Venkata
Sent: Monday, July 27, 2015 10:18 PM
To: [email protected]
Subject: Restrict hdfs user access - security.client.protocol.acl

Hi,

I am trying to restrict hdfs user access to read/modify the hdfs file system. As 
part of that I have set the below values.

security.client.protocol.acl: yarn,mapred hdpdhdfs
dfs.cluster.administrators : hdpdadmngrp

hdpdhdfsgrp: user1, admin
hdpdadmngrp: hdfs, admin

From the above settings, I want to achieve my goal of restricting hdfs user 
access to file system but want hdfs user to perform admin actions such as hdfs 
dfs dfsadmin/hdadmin.

But I am seeing below error when I try to run hdfs dfsadmin -safemode get

[hdfs@nn ~]$ hdfs dfsadmin -safemode get
safemode: User [email protected] (auth:KERBEROS) is not 
authorized for protocol interface 
org.apache.hadoop.hdfs.protocol.ClientProtocol, expected client Kerberos 
principal is null


If I include hdfs user under security.client.protocol.acl the error is gone but 
hdfs user can read/write to hdfs file system.

Please help me out with how to restrict hdfs user access to the file system while 
it can still perform administrative actions.

Thanks,
Venkat
