I just created my account on JIRA. My user ID is the same than in Confluence : bartimeux.
Regards, Loïc Loïc CHANEL Engineering student at TELECOM Nancy Trainee at Worldline - Villeurbanne 2015-06-09 18:43 GMT+02:00 Don Bosco Durai <[email protected]>: > Loïc, thanks > > Can you also create a JIRA to track it? Selva can you help here to add > Loïc to the contributor list? > > Thanks > > Bosco > > > From: Loïc Chanel <[email protected]> > Reply-To: "[email protected]" < > [email protected]> > Date: Tuesday, June 9, 2015 at 7:52 AM > To: "[email protected]" <[email protected]> > Subject: Re: Troubles with HDFS policies > > Hi, > > Actually, I still have to modify it, but I will complete it as I go > further in Hadoop secured ecosystem deployment. > > The principal thing I wanted to document was the way to use Apache Knox, > as I noticed some mistakes in the URLs for Knox usage described by the > documentations I found on the Web (like unnecessary "/api"). > But as I am working on the deployment of a fully secured multi-tenant > cluster providing services such as Spark, Hive and HBase, I will have to > provide some documentation describing how to deploy Apache Ranger to manage > security on these components. > > Therefore, that documentation should improve and complete what I started > to write on Confluence. > > Regards, > > > Loïc > > Loïc CHANEL > Engineering student at TELECOM Nancy > Trainee at Worldline - Villeurbanne > > 2015-06-04 19:00 GMT+02:00 Don Bosco Durai <[email protected]>: > >> Hi >> >> I apologize, I missed this email somehow. >> >> Thanks for putting this document together. It is looking good. I think, >> this will be good starting point to build our user guide. >> >> I feel, we should list out the topics we want to document and share the >> effort. >> >> Thanks again >> >> Bosco >> >> From: Chanel Loïc <[email protected]> >> Reply-To: "[email protected]" < >> [email protected]> >> Date: Tuesday, May 26, 2015 at 6:33 AM >> To: "[email protected]" <[email protected]> >> Subject: RE: Troubles with HDFS policies >> >> Hi Bosco, >> >> >> >> I wrote some paragraphs on the page >> https://cwiki.apache.org/confluence/display/RANGER/Ranger+User+Guide >> >> As I only worked on Ranger and HDFS for now, it is the first part I >> created, but I will document the other components in the upcoming weeks. >> >> Feel free to make any remarks, and to tell me if this suits you. >> >> >> >> In the meantime, I noticed some missing things and typo in Ranger >> Hortonworks documentation. Can I help improving it somehow ? >> >> >> >> Thanks, >> >> >> >> >> >> Loïc >> >> >> >> *De :* Don Bosco Durai [mailto:[email protected] >> <[email protected]>] *De la part de* Don Bosco Durai >> *Envoyé :* lundi 4 mai 2015 19:05 >> *À :* [email protected] >> *Objet :* Re: Troubles with HDFS policies >> >> >> >> I have given you the permission. Let’s co-ordinate on creating the user >> guide page. >> >> >> >> Thanks >> >> >> >> Bosco >> >> >> >> >> >> *From: *Chanel Loïc <[email protected]> >> *Reply-To: *"[email protected]" < >> [email protected]> >> *Date: *Monday, May 4, 2015 at 1:23 AM >> *To: *"[email protected]" < >> [email protected]> >> *Subject: *RE: Troubles with HDFS policies >> >> >> >> Hi Bosco, >> >> >> >> I just created an account on Confluence, my user ID is bartimeux. >> >> Thanks, >> >> >> >> >> >> Loïc >> >> >> >> *De :* Don Bosco Durai [mailto:[email protected] >> <[email protected]>] *De la part de* Don Bosco Durai >> *Envoyé :* vendredi 1 mai 2015 06:44 >> *À :* [email protected] >> *Objet :* Re: Troubles with HDFS policies >> >> >> >> Hi Loïc >> >> >> >> Thanks for the feedback. >> >> >> >> I think, you are referring to the Hortonworks documentation. >> >> >> >> We have a place holder in Apache Ranger Wiki site for user guide. We can >> start working on it. If you can give your confluence id, we can give you >> edit permission. >> >> >> >> Thanks >> >> >> >> Bosco >> >> >> >> *From: *Chanel Loïc <[email protected]> >> *Reply-To: *"[email protected]" < >> [email protected]> >> *Date: *Thursday, April 30, 2015 at 1:32 AM >> *To: *"[email protected]" < >> [email protected]> >> *Subject: *RE: Troubles with HDFS policies >> >> >> >> Hi, >> >> >> >> Indeed, the page 10 of the Ranger User Guide specifies : >> >> >> >> ”Through configuration, Apache Ranger enables both Ranger policies and >> HDFS permissions to be checked for a user request. When the NameNode >> receives a user request, the Ranger plugin checks for policies set through >> the Ranger Policy Manager. If there are no policies, the Ranger plugin >> checks for permissions set in HDFS. >> >> We recommend that permissions be created at the Ranger Policy Manager, >> and to have restrictive permissions at the HDFS level.” >> >> >> >> So setting very restrictive permissions with HDFS allows to manage >> entirely the cluster security with Ranger. >> >> Still, as I noticed some small mistakes, do you know how I can contribute >> to the documentation improvement ? >> >> >> >> Thanks for your help, >> >> >> >> >> >> Loïc >> >> >> >> >> >> *De :* Don Bosco Durai [mailto:[email protected] >> <[email protected]>] *De la part de* Don Bosco Durai >> *Envoyé :* mercredi 29 avril 2015 17:45 >> *À :* [email protected] >> *Objet :* Re: Troubles with HDFS policies >> >> >> >> Check hdfs dfs -ls $folderName. In the case of HDFS, if Ranger doesn’t >> find any permission in it’s policy database, then it falls back to HDFS >> permission check. So make sure in the HDFS level, you have 700 or even 000 >> for the given folder and manage all the permissions via Ranger. We >> recommend pick all relevant folders (e.g Hive data warehouse folder) and do >> hdfs dfs -chown -R hdfs:hdfs $folderName and hdfs dfs –chmod 000 –R >> $folderName. >> >> >> >> Please note, falling back to native permission is only available in HDFS. >> There is a switch to turn it off, but you have to be cautious when using it. >> >> >> >> Thanks >> >> >> >> Bosco >> >> >> >> >> >> *From: *Chanel Loïc <[email protected]> >> *Reply-To: *"[email protected]" < >> [email protected]> >> *Date: *Wednesday, April 29, 2015 at 5:24 AM >> *To: *"[email protected]" < >> [email protected]> >> *Subject: *Troubles with HDFS policies >> >> >> >> Hi All, >> >> >> >> As I am trying to set a Hadoop secured cluster with Ranger, I encountered >> some troubles. >> >> The principal one consists in the fact that even if I have no rights to >> read, write or execute files in a directory, I still can execute a ls >> command (hdfs dfs –ls /testdir) showing me the files that I should not be >> able to read, or even see. I can even see the file contents by making a cat >> on these files (hdfs dfs –cat /testdir/testfile) that I should not be able >> to read, which is even more problematic to me. >> >> In parallel, I am not able to put any files in the directory (Permission >> denied for hdfs dfs –put myotherfile /testdir/myotherfile), which makes me >> think the policies are correctly set. >> >> >> >> Does that sound quite normal to you ? Do you see a solution to make sure >> my user toto cannot see what is in the repository of my user tata ? >> >> Thanks for your help, >> >> >> >> >> >> Loïc Chanel >> >> >> ------------------------------ >> >> >> Ce message et les pièces jointes sont confidentiels et réservés à l'usage >> exclusif de ses destinataires. Il peut également être protégé par le secret >> professionnel. Si vous recevez ce message par erreur, merci d'en avertir >> immédiatement l'expéditeur et de le détruire. L'intégrité du message ne >> pouvant être assurée sur Internet, la responsabilité de Worldline ne pourra >> être recherchée quant au contenu de ce message. Bien que les meilleurs >> efforts soient faits pour maintenir cette transmission exempte de tout >> virus, l'expéditeur ne donne aucune garantie à cet égard et sa >> responsabilité ne saurait être recherchée pour tout dommage résultant d'un >> virus transmis. >> >> This e-mail and the documents attached are confidential and intended >> solely for the addressee; it may also be privileged. If you receive this >> e-mail in error, please notify the sender immediately and destroy it. As >> its integrity cannot be secured on the Internet, the Worldline liability >> cannot be triggered for the message content. Although the sender endeavours >> to maintain a computer virus-free network, the sender does not warrant that >> this transmission is virus-free and will not be liable for any damages >> resulting from any virus transmitted. >> >> >> ------------------------------ >> >> >> Ce message et les pièces jointes sont confidentiels et réservés à l'usage >> exclusif de ses destinataires. Il peut également être protégé par le secret >> professionnel. Si vous recevez ce message par erreur, merci d'en avertir >> immédiatement l'expéditeur et de le détruire. L'intégrité du message ne >> pouvant être assurée sur Internet, la responsabilité de Worldline ne pourra >> être recherchée quant au contenu de ce message. Bien que les meilleurs >> efforts soient faits pour maintenir cette transmission exempte de tout >> virus, l'expéditeur ne donne aucune garantie à cet égard et sa >> responsabilité ne saurait être recherchée pour tout dommage résultant d'un >> virus transmis. >> >> This e-mail and the documents attached are confidential and intended >> solely for the addressee; it may also be privileged. If you receive this >> e-mail in error, please notify the sender immediately and destroy it. As >> its integrity cannot be secured on the Internet, the Worldline liability >> cannot be triggered for the message content. Although the sender endeavours >> to maintain a computer virus-free network, the sender does not warrant that >> this transmission is virus-free and will not be liable for any damages >> resulting from any virus transmitted. >> >> >> ------------------------------ >> >> >> Ce message et les pièces jointes sont confidentiels et réservés à l'usage >> exclusif de ses destinataires. Il peut également être protégé par le secret >> professionnel. Si vous recevez ce message par erreur, merci d'en avertir >> immédiatement l'expéditeur et de le détruire. L'intégrité du message ne >> pouvant être assurée sur Internet, la responsabilité de Worldline ne pourra >> être recherchée quant au contenu de ce message. Bien que les meilleurs >> efforts soient faits pour maintenir cette transmission exempte de tout >> virus, l'expéditeur ne donne aucune garantie à cet égard et sa >> responsabilité ne saurait être recherchée pour tout dommage résultant d'un >> virus transmis. >> >> This e-mail and the documents attached are confidential and intended >> solely for the addressee; it may also be privileged. If you receive this >> e-mail in error, please notify the sender immediately and destroy it. As >> its integrity cannot be secured on the Internet, the Worldline liability >> cannot be triggered for the message content. Although the sender endeavours >> to maintain a computer virus-free network, the sender does not warrant that >> this transmission is virus-free and will not be liable for any damages >> resulting from any virus transmitted. >> >> >> ------------------------------ >> >> Ce message et les pièces jointes sont confidentiels et réservés à l'usage >> exclusif de ses destinataires. Il peut également être protégé par le secret >> professionnel. Si vous recevez ce message par erreur, merci d'en avertir >> immédiatement l'expéditeur et de le détruire. L'intégrité du message ne >> pouvant être assurée sur Internet, la responsabilité de Worldline ne pourra >> être recherchée quant au contenu de ce message. Bien que les meilleurs >> efforts soient faits pour maintenir cette transmission exempte de tout >> virus, l'expéditeur ne donne aucune garantie à cet égard et sa >> responsabilité ne saurait être recherchée pour tout dommage résultant d'un >> virus transmis. >> >> This e-mail and the documents attached are confidential and intended >> solely for the addressee; it may also be privileged. If you receive this >> e-mail in error, please notify the sender immediately and destroy it. As >> its integrity cannot be secured on the Internet, the Worldline liability >> cannot be triggered for the message content. Although the sender endeavours >> to maintain a computer virus-free network, the sender does not warrant that >> this transmission is virus-free and will not be liable for any damages >> resulting from any virus transmitted. >> >> >
