About
POSIX style permissions/HDFS ACLs in HDFS is one authorization method .
By default, ACLs are disabled.
Articles Related
Acl Management
List
hdfs dfs -ls /
Found 24 items
drwxr-xr-x - root supergroup 0 2018-04-12 15:52 /HdiNotebooks
drwxr-xr-x - root supergroup 0 2018-04-12 15:54 /HdiSamples
drwxr-xr-x - hdfs supergroup 0 2018-04-12 15:42 /ams
drwxr-xr-x - hdfs supergroup 0 2018-04-12 15:42 /amshbase
drwxrwxrwx - yarn hadoop 0 2018-04-12 15:42 /app-logs
drwxr-xr-x - hdfs supergroup 0 2018-04-12 15:42 /apps
drwxr-xr-x - yarn hadoop 0 2018-04-12 15:42 /atshistory
drwxr-xr-x - admininformatica supergroup 0 2018-04-12 17:22 /blaze
drwxr-xr-x - root supergroup 0 2018-04-12 15:54 /custom-scriptaction-logs
drwxrwxrwx - admininformatica supergroup 0 2018-04-16 10:15 /dev
drwxr-xr-x - root supergroup 0 2018-04-12 15:54 /example
drwxr-xr-x - hbase supergroup 0 2018-04-12 15:42 /hbase
drwxr-xr-x - hdfs supergroup 0 2018-04-12 15:42 /hdp
drwxr-xr-x - hdfs supergroup 0 2018-04-25 12:08 /hive
drwxr-xr-x - mapred supergroup 0 2018-04-12 15:42 /mapred
drwx------ - admin supergroup 0 2018-04-12 17:26 /mapreducestaging
drwxrwxrwx - mapred hadoop 0 2018-04-12 15:42 /mr-history
drwxr-xr-x - admininformatica supergroup 0 2018-04-19 10:45 /spark
drwxr-xr-x - sshuser supergroup 0 2018-05-07 14:54 /stage
drwxr-xr-x - sshuser supergroup 0 2018-05-09 08:28 /stage_sqoop
drwxrwxrwx - hdfs supergroup 0 2018-04-18 07:04 /tmp
drwxr-xr-x - hdfs supergroup 0 2018-04-12 15:42 /user
drwxrwxrwx - yarn supergroup 0 2018-04-17 14:49 /var
drwxr-xr-x - admin supergroup 0 2018-04-13 01:05 /wasbprobec017ddc5-a901-43f8-97a1-d096c61fdeab
Enable
dfs.namenode.acls.enabled - Set to true to enable support for HDFS ACLs (Access Control Lists). By default, ACLs are disabled. When ACLs are disabled, the NameNode rejects all RPCs related to setting or getting ACLs.
hdfs getconf -confKey dfs.namenode.acls.enabled
false
Default
The default ACL for a new created file or directory can be based on:
umask
The fs.permissions.umask-mode parameter controls the default umask settings
Example:
hdfs getconf -confKey fs.permissions.umask-mode
022
Inherit from parent directory
dfs.namenode.posix.acl.inheritance.enabled Set to true to enable POSIX style ACL inheritance. When it is enabled and the create request comes from a compatible client, the NameNode will apply default ACLs from the parent directory to the create mode and ignore the client umask. If no default ACL found, it will apply the client umask.