码迷,mamicode.com
首页 > 其他好文 > 详细

七:HDFS Permissions Guide 权限

时间:2017-08-30 23:48:33      阅读:424      评论:0      收藏:0      [点我收藏+]

标签:perm   系统权限   文件系统   配置参数   controls   启用   org   client   other   

1.权限模式
    简单:启动HDFS的操作系统用户即为超级用户,可以通过HADOOP_USER_NAME指定
    kerberos:

2.group mapping 
    组列表由group mapping service完成,该服务由hadoop.security.group.mapping参数决定,默认值是org.apache.hadoop.security.JniBasedUnixGroupsMappingWithFallback,即由JNI. 如果没有JNI, 使用org.apache.hadoop.security.ShellBasedUnixGroupsMapping,意思是使用shell命令bash -c groups决定group. group mapping 服务由namenode提供

3.如何执行权限
    每次执行一个操作之前都会检查权限。客户端会把用户标识发给namenode.

4.改变文件系统权限的API
    
  • public FSDataOutputStream create(Path f, FsPermission permission, boolean overwrite, int bufferSize, short replication, long blockSize, Progressable progress) throws IOException;
  • public boolean mkdirs(Path f, FsPermission permission) throws IOException;
  • public void setPermission(Path p, FsPermission permission) throws IOException;
  • public void setOwner(Path p, String username, String groupname) throws IOException;
  • public FileStatus getFileStatus(Path f) throws IOException;

5.改变文件系统权限的shell
   
  • chmod [-R] mode file …

    Only the owner of a file or the super-user is permitted to change the mode of a file.

  • chgrp [-R] group file …

    The user invoking chgrp must belong to the specified group and be the owner of the file, or be the super-user.

  • chown [-R] [owner][:[group]] file …

    The owner of a file may only be altered by a super-user.

  • ls file …
  • lsr file …
以上命令使用bin/hdfs dfs -执行

6.配置参数
 
  • dfs.permissions.enabled = true   是否启用权限

    If yes use the permissions system as described here. If no, permission checking is turned off, but all other behavior is unchanged. Switching from one parameter value to the other does not change the mode, owner or group of files or directories. Regardless of whether permissions are on or off, chmod, chgrp, chown and setfacl always check permissions. These functions are only useful in the permissions context, and so there is no backwards compatibility issue. Furthermore, this allows administrators to reliably set owners and permissions in advance of turning on regular permissions checking.

  • dfs.web.ugi = webuser,webgroup   

    The user name to be used by the web server. Setting this to the name of the super-user allows any web client to see everything. Changing this to an otherwise unused identity allows web clients to see only those things visible using "other" permissions. Additional groups may be added to the comma-separated list.

  • dfs.permissions.superusergroup = supergroup   超级用户组

    The name of the group of super-users.

  • fs.permissions.umask-mode = 0022    

    The umask used when creating files and directories. For configuration files, the decimal value 18 may be used.

  • dfs.cluster.administrators = ACL-for-admins

    The administrators for the cluster specified as an ACL. This controls who can access the default servlets, etc. in the HDFS.

  • dfs.namenode.acls.enabled = true  

    Set to true to enable support for HDFS ACLs (Access Control Lists). By default, ACLs are disabled. When ACLs are disabled, the NameNode rejects all attempts to set an ACL.













七:HDFS Permissions Guide 权限

标签:perm   系统权限   文件系统   配置参数   controls   启用   org   client   other   

原文地址:http://www.cnblogs.com/skyrim/p/7455590.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!