Bosco, I have tried both mysql db and solr as well, only plugin related auditing is being shown
On Mon, Nov 30, 2015 at 10:53 PM, Don Bosco Durai <[email protected]> wrote: > Yes, you should fix audit first. That will help in debugging these issues > also. > > BTW, are you using Solr or DB? > > Recommendation is to use Solr. Yesterday, I have uploaded a new package > for setting up Solr. It is available as attachment in > https://issues.apache.org/jira/browse/RANGER-728. The instructions are in > https://cwiki.apache.org/confluence/display/RANGER/Install+and+Configure+Solr+for+Ranger+Audits+-+Apache+Ranger+0.5 > > Give it a try. > > Thanks > > Bosco > > > From: Madhan Neethiraj <[email protected]> > Reply-To: <[email protected]> > Date: Monday, November 30, 2015 at 8:57 AM > > To: "[email protected]" <[email protected]> > Subject: Re: Group level permission are not working in ranger > > Hafiz, > > Few things to check: > 1. Do you have another policy in Ranger that allows WRITE access? > 2. Can you disable this policy and try mkdir? > > Fixing the issue with audit will help; audit log will have the details of > how the access was allowed (hadoop-acl or ranger-acl; in case of > ranger-acl, the policy-ID that determined the access). > > Madhan > > From: Hafiz Mujadid <[email protected]> > Reply-To: "[email protected]" < > [email protected]> > Date: Monday, November 30, 2015 at 6:16 AM > To: "[email protected]" <[email protected]> > Subject: Re: Group level permission are not working in ranger > > Bosco, > > I have followed above steps > > 1. drwxr-xr-x - hduser hadoop 0 2015-11-30 18:49 /pg > 2. changed the umask so newly created folder or files have following > permissions > d---rwxrwx - asma hadoop 0 2015-11-30 19:03 /pg/b > 3. i changed the ownership of all folders in hdfs with hduser:hadoop > 4. ran the command hdfs dfs -chmod -R 000 /pg > > > but still group level permissions are not working. > > my audits are not working, i am trying to figure out the issue with > audits. i will let you know when audits are available. > > > thanks > > On Mon, Nov 30, 2015 at 7:13 PM, Hafiz Mujadid <[email protected]> > wrote: > >> Bosco, >> >> I have followed above steps >> drwxr-xr-x - hduser hadoop 0 2015-11-30 18:49 /pg >> changed the umask so newly created folder or files have following >> permissions >> d---rwxrwx - asma hadoop 0 2015-11-30 19:03 /pg/b >> i changed the ownership of all folders in hdfs with hduser:hadoop >> >> but still group level permissions are not working. >> >> >> my audits are not working, i am trying to figure out the issue with >> audits. i will let you know when audits are available. >> >> >> thanks >> >> >> On Mon, Nov 30, 2015 at 9:34 AM, Don Bosco Durai <[email protected]> >> wrote: >> >>> Can you check Ranger Audits? >>> >>> Also, do couple of things: >>> 1. hdfs dfs -ls /pg (check the HDFS level permissions) >>> 2. In HDFS settngs, set the umask to 700 and restart name node. >>> 3. hdfs dfs -chown hdfs:hdfs /pg >>> 4. hdfs dfs -chmod -R 000 /pg >>> >>> For all user folders, e.g. /app/hive, do #3 and #4 as above. >>> >>> Bosco >>> >>> >>> From: Hafiz Mujadid <[email protected]> >>> Reply-To: <[email protected]> >>> Date: Sunday, November 29, 2015 at 8:29 PM >>> To: <[email protected]> >>> Subject: Re: Group level permission are not working in ranger >>> >>> Yes Bosco, directory is being created. >>> >>> On Mon, Nov 30, 2015 at 2:47 AM, Don Bosco Durai <[email protected]> >>> wrote: >>> >>>> What is happening here? Is the directory getting created? >>>> >>>> Thanks >>>> >>>> Bosco >>>> >>>> >>>> From: Hafiz Mujadid <[email protected]> >>>> Reply-To: <[email protected]> >>>> Date: Sunday, November 29, 2015 at 1:44 PM >>>> To: <[email protected]> >>>> Subject: Group level permission are not working in ranger >>>> >>>> Hi all >>>> >>>> I am trying to apply permission on an ldap group but it's not working >>>> >>>> [image: Inline image 1] >>>> >>>> >>>> But when i run following command >>>> *HADOOP_USER_NAME=asma hdfs dfs -mkdir /pg/b* >>>> >>>> i works successfully >>>> what is the issue? ldap users and groups are synced correctly as when i >>>> run the command *hdfs groups asma* it returns correct group >>>> asma : datascientist >>>> >>>> >>> >>> >>> -- >>> Regards: HAFIZ MUJADID >>> >>> >> >> >> -- >> Regards: HAFIZ MUJADID >> > > > > -- > Regards: HAFIZ MUJADID > > -- Regards: HAFIZ MUJADID
