Found solution. Basically helped hdfs dfs -chmod -R 000 /user/margusja
and now Ranger took over.
So how to disable Hadoop HDFS built in authorization? Or I have to chmod
-R 000 / ?
Margus (margusja) Roo
http://margus.roo.ee
skype: margusja
+372 51 48 780
On 17/12/15 14:30, Margus Roo wrote:
Hi thanks for answer.
At the moment margusja is in group margusja
[margusja@hadoopnn2 ~]$ id margusja
uid=1016(margusja) gid=1016(margusja) groups=1016(margusja)
Margus (margusja) Roo
http://margus.roo.ee
skype: margusja
+372 51 48 780
On 17/12/15 14:25, lukas nalezenec wrote:
Hi,
I solved this problem last week. I am also using SIMPLE auth.
If you are solving the same problem then after removing user margusja
from group hdfs it should work.
Lukas
2015-12-17 13:20 GMT+01:00 Margus Roo <[email protected]
<mailto:[email protected]>>:
Hi
I am new Ranger user and perhaps I did something wrong.
Installed Ranger via Ambari. I can log into Ranger UI and all
Unix local users are synced and there is configuration under HDFS
resource and test connection gives OK.
I can see loads of hdfs@... records with 200 under audit plugins tab.
Now I am a little confused.
I can still do all operations with HDFS. Like there is no ranger
hdfs plugin activated.
in namenode I see:
authorize.ServiceAuthorizationManager
(ServiceAuthorizationManager.java:authorize(135)) - Authorization
successful for margusja (auth:SIMPLE) for protocol=interface
org.apache.hadoop.hdfs.protocol.ClientProtocol
But I do not have any rules for margusja in Ranger.
What I expect is that user margusja will get permission denied.
I use hdfs simple auth not kerberos. Is is possible use ranger
authorization without kerberos?
--
Margus (margusja) Roo
http://margus.roo.ee
skype: margusja
+372 51 48 780 <tel:%2B372%2051%2048%20780>
