Re: HDFS ACLs dependency

Thu, 04 Feb 2016 14:31:35 -0800 

# NOTE: These command must be done AFTER acls are
#       enabled and HDFS has been restarted
echo "***INFO: Setting HDFS ACLs for snapshot scan support"
sudo su hdfs --command "$HADOOP_BIN_PATH/hdfs dfs -mkdir -p /hbase/archive"
if [ $? != 0 ]; then
   echo "***ERROR: ($HADOOP_BIN_PATH/hdfs dfs -mkdir -p /hbase/archive)
command failed"
   exit -1
fi
sudo su hdfs --command "$HADOOP_BIN_PATH/hdfs dfs -chown hbase:hbase
/hbase/archive"
if [ $? != 0 ]; then
   echo "***ERROR: ($HADOOP_BIN_PATH/hdfs dfs -chown hbase:hbase
/hbase/archive) command failed"
   exit -1
fi
sudo su hdfs --command "$HADOOP_BIN_PATH/hdfs dfs -setfacl -R -m
user:$TRAF_USER:rwx /hbase/archive"
if [ $? != 0 ]; then
   echo "***ERROR: ($HADOOP_BIN_PATH/hdfs dfs -setfacl -R -m
user:$TRAF_USER:rwx /hbase/archive) command failed"
   exit -1
fi
sudo su hdfs --command "$HADOOP_BIN_PATH/hdfs dfs -setfacl -R -m
default:user:$TRAF_USER:rwx /hbase/archive"
if [ $? != 0 ]; then
   echo "***ERROR: ($HADOOP_BIN_PATH/hdfs dfs -setfacl -R -m
default:user:$TRAF_USER:rwx /hbase/archive) command failed"
   exit -1
fi
sudo su hdfs --command "$HADOOP_BIN_PATH/hdfs dfs -setfacl -R -m mask::rwx
/hbase/archive"
if [ $? != 0 ]; then
   echo "***ERROR: ($HADOOP_BIN_PATH/hdfs dfs -setfacl -R -m mask::rwx
/hbase/archive) command failed"
   exit -1
fi


Here is the code that needs ACLS to be set to true. Maybe this helps ... :)

On Thu, Feb 4, 2016 at 2:26 PM, Gunnar Tapper <[email protected]>
wrote:

> Hi,
>
> I noticed that Trafodion requires that dfs.namenode.acls.enabled is set to
> true. The reason for this seems to be a desire to do a set setfacl on
> hbase/archive.
>
> Is this a true requirement or an embedded best practices?
>
> I'm wondering since we're now imposing security policies on the user even
> if the user has chosen to rely on the traditional POSIX permission model
> over implementing the extended POSIX ACL model. Also, how does this HDFS
> configuration flag relate to a user that is using Kerberos?
>
> --
> Thanks,
>
> Gunnar
> *If you think you can you can, if you think you can't you're right.*
>



-- 
Thanks,

Amanda Moran

Reply via email to