I have a Ranger policy for an HDFS resource that looks like...

[image] <https://i.stack.imgur.com/kjo6g.png>

Now trying to access that HDFS path via hadoop fs <path to the hdfs location> as two
different users:

# as an unauthorized user
[ml1@HW04 ml1c]$ hadoop fs -ls <path to the hdfs location>
ls: Permission denied: user=ml1, access=EXECUTE, inode="<path to the hdfs location>"
# as an authorized user
[hph_etl@HW04 hph_etl]$ hadoop fs -ls <path to the hdfs location>
Found 4 items
drwxrwxr-x   - hph_etl hph_etl          0 2019-07-31 15:13 <path to the hdfs location>
drwxrwxr-x   - hph_etl hph_etl          0 2019-08-07 10:52 <path to the hdfs location>
drwxrwxr-x   - hph_etl hph_etl          0 2019-07-31 14:28 <path to the hdfs location>
drwxrwxr-x   - hph_etl hph_etl          0 2019-07-26 16:12 <path to the hdfs location>

which works as expected. Now trying via ls -lh <nfs path to the hdfs
location> on the local file system:

# as an unauthorized user
[ml1@HW04 ml1c]$ ls -lh <nfs path to the hdfs location>
total 2.0K
drwxrwxr-x. 4 hph_etl hph_etl 128 Jul 31 15:13 export
drwxrwxr-x. 5 hph_etl hph_etl 160 Aug  7 10:52 import
drwxrwxr-x. 5 hph_etl hph_etl 160 Jul 31 14:28 storage
drwxrwxr-x. 3 hph_etl hph_etl  96 Jul 26 16:12 tests
# as an authorized user
[hph_etl@HW04 hph_etl]$ ls -lh <nfs path to the hdfs location>
total 2.0K
drwxrwxr-x. 4 hph_etl hph_etl 128 Jul 31 15:13 export
drwxrwxr-x. 5 hph_etl hph_etl 160 Aug  7 10:52 import
drwxrwxr-x. 5 hph_etl hph_etl 160 Jul 31 14:28 storage
drwxrwxr-x. 3 hph_etl hph_etl  96 Jul 26 16:12 tests

We see both users were able to access the HDFS location when doing so via
NFS (even though only the hph_etl user should have been able to). Anyone
know what's going on here? Any debugging tips or fixes?
