[RANGER-482] HDFS plugin denies access even when policy exists to allow the access - ASF JIRA

Attach files

Attach Screenshot

Voters

Watch issue

Watchers

Create sub-task

Link

Clone

Update Comment Author

Replace String in Comment

Update Comment Visibility

Delete Comments

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 0.5.0
Fix Version/s: 0.5.0
Component/s: plugins
Labels:
None

Description

Here are the steps to reproduce this issue (thanks Ramesh Mani):

sudo su hdfs
hdfs dfs -mkdir -p /demo/data
hdfs dfs -chmod 700 /demo
hdfs dfs -chmod 700 /demo/data
Create a Ranger policy that allows rwx access on /demo directory to user “guest”, with recursive enabled.
sudo su guest
hdfs dfs -ls /demo (this works )
hdfs dfs –ls /demo/data (this fails with the following error)
ls: Permission denied: user=guest, access=EXECUTE, inode="/demo/data":hdfs:hdfs:drwx------

Since a Ranger policy exists to allow 'rwx' access to user 'guest' on files and directories under /demo, the user should be allowed to "ls /demo/data".

Attachments

0001-RANGER-482-HDFS-plugin-updated-to-check-for-traverse.patch
19/May/15 21:42
3 kB
Madhan Neethiraj
0001-RANGER-482-HDFS-plugin-updated-to-check-for-traverse.patch
17/May/15 07:09
3 kB
Madhan Neethiraj

Activity

Comment

This comment will be Viewable by All Users Viewable by All Users

Cancel

People

Assignee:: Madhan Neethiraj

Reporter:: Madhan Neethiraj

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 16/May/15 06:22

Updated:: 19/May/15 21:42

Resolved:: 19/May/15 21:42

Agile

View on Board

HDFS plugin denies access even when policy exists to allow the access

Details

Description

Attachments

Attachments

Activity

People

Dates

Agile

Slack

Issue deployment