source: proiecte/HadoopJUnit/hadoop-0.20.1/docs/hdfs_permissions_guide.html @ 120

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<META http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta content="Apache Forrest" name="Generator">
<meta name="Forrest-version" content="0.8">
<meta name="Forrest-skin-name" content="pelt">
<title>
      HDFS Permissions Guide
    </title>
<link type="text/css" href="skin/basic.css" rel="stylesheet">
<link media="screen" type="text/css" href="skin/screen.css" rel="stylesheet">
<link media="print" type="text/css" href="skin/print.css" rel="stylesheet">
<link type="text/css" href="skin/profile.css" rel="stylesheet">
<script src="skin/getBlank.js" language="javascript" type="text/javascript"></script><script src="skin/getMenu.js" language="javascript" type="text/javascript"></script><script src="skin/fontsize.js" language="javascript" type="text/javascript"></script>
<link rel="shortcut icon" href="images/favicon.ico">
</head>
<body onload="init()">
<script type="text/javascript">ndeSetTextSize();</script>
<div id="top">
<!--+
    |breadtrail
    +-->
<div class="breadtrail">
<a href="http://www.apache.org/">Apache</a> &gt; <a href="http://hadoop.apache.org/">Hadoop</a> &gt; <a href="http://hadoop.apache.org/core/">Core</a><script src="skin/breadcrumbs.js" language="JavaScript" type="text/javascript"></script>
</div>
<!--+
    |header
    +-->
<div class="header">
<!--+
    |start group logo
    +-->
<div class="grouplogo">
<a href="http://hadoop.apache.org/"><img class="logoImage" alt="Hadoop" src="images/hadoop-logo.jpg" title="Apache Hadoop"></a>
</div>
<!--+
    |end group logo
    +-->
<!--+
    |start Project Logo
    +-->
<div class="projectlogo">
<a href="http://hadoop.apache.org/core/"><img class="logoImage" alt="Hadoop" src="images/core-logo.gif" title="Scalable Computing Platform"></a>
</div>
<!--+
    |end Project Logo
    +-->
<!--+
    |start Search
    +-->
<div class="searchbox">
<form action="http://www.google.com/search" method="get" class="roundtopsmall">
<input value="hadoop.apache.org" name="sitesearch" type="hidden"><input onFocus="getBlank (this, 'Search the site with google');" size="25" name="q" id="query" type="text" value="Search the site with google">&nbsp; 
                    <input name="Search" value="Search" type="submit">
</form>
</div>
<!--+
    |end search
    +-->
<!--+
    |start Tabs
    +-->
<ul id="tabs">
<li>
<a class="unselected" href="http://hadoop.apache.org/core/">Project</a>
</li>
<li>
<a class="unselected" href="http://wiki.apache.org/hadoop">Wiki</a>
</li>
<li class="current">
<a class="selected" href="index.html">Hadoop 0.20 Documentation</a>
</li>
</ul>
<!--+
    |end Tabs
    +-->
</div>
</div>
<div id="main">
<div id="publishedStrip">
<!--+
    |start Subtabs
    +-->
<div id="level2tabs"></div>
<!--+
    |end Endtabs
    +-->
<script type="text/javascript"><!--
document.write("Last Published: " + document.lastModified);
//  --></script>
</div>
<!--+
    |breadtrail
    +-->
<div class="breadtrail">

             &nbsp;
           </div>
<!--+
    |start Menu, mainarea
    +-->
<!--+
    |start Menu
    +-->
<div id="menu">
<div onclick="SwitchMenu('menu_1.1', 'skin/')" id="menu_1.1Title" class="menutitle">Getting Started</div>
<div id="menu_1.1" class="menuitemgroup">
<div class="menuitem">
<a href="index.html">Overview</a>
</div>
<div class="menuitem">
<a href="quickstart.html">Quick Start</a>
</div>
<div class="menuitem">
<a href="cluster_setup.html">Cluster Setup</a>
</div>
<div class="menuitem">
<a href="mapred_tutorial.html">Map/Reduce Tutorial</a>
</div>
</div>
<div onclick="SwitchMenu('menu_1.2', 'skin/')" id="menu_1.2Title" class="menutitle">Programming Guides</div>
<div id="menu_1.2" class="menuitemgroup">
<div class="menuitem">
<a href="commands_manual.html">Commands</a>
</div>
<div class="menuitem">
<a href="distcp.html">DistCp</a>
</div>
<div class="menuitem">
<a href="native_libraries.html">Native Libraries</a>
</div>
<div class="menuitem">
<a href="streaming.html">Streaming</a>
</div>
<div class="menuitem">
<a href="fair_scheduler.html">Fair Scheduler</a>
</div>
<div class="menuitem">
<a href="capacity_scheduler.html">Capacity Scheduler</a>
</div>
<div class="menuitem">
<a href="service_level_auth.html">Service Level Authorization</a>
</div>
<div class="menuitem">
<a href="vaidya.html">Vaidya</a>
</div>
<div class="menuitem">
<a href="hadoop_archives.html">Archives</a>
</div>
</div>
<div onclick="SwitchMenu('menu_selected_1.3', 'skin/')" id="menu_selected_1.3Title" class="menutitle" style="background-image: url('skin/images/chapter_open.gif');">HDFS</div>
<div id="menu_selected_1.3" class="selectedmenuitemgroup" style="display: block;">
<div class="menuitem">
<a href="hdfs_user_guide.html">User Guide</a>
</div>
<div class="menuitem">
<a href="hdfs_design.html">Architecture</a>
</div>
<div class="menuitem">
<a href="hdfs_shell.html">File System Shell Guide</a>
</div>
<div class="menupage">
<div class="menupagetitle">Permissions Guide</div>
</div>
<div class="menuitem">
<a href="hdfs_quota_admin_guide.html">Quotas Guide</a>
</div>
<div class="menuitem">
<a href="SLG_user_guide.html">Synthetic Load Generator Guide</a>
</div>
<div class="menuitem">
<a href="libhdfs.html">C API libhdfs</a>
</div>
</div>
<div onclick="SwitchMenu('menu_1.4', 'skin/')" id="menu_1.4Title" class="menutitle">HOD</div>
<div id="menu_1.4" class="menuitemgroup">
<div class="menuitem">
<a href="hod_user_guide.html">User Guide</a>
</div>
<div class="menuitem">
<a href="hod_admin_guide.html">Admin Guide</a>
</div>
<div class="menuitem">
<a href="hod_config_guide.html">Config Guide</a>
</div>
</div>
<div onclick="SwitchMenu('menu_1.5', 'skin/')" id="menu_1.5Title" class="menutitle">Miscellaneous</div>
<div id="menu_1.5" class="menuitemgroup">
<div class="menuitem">
<a href="api/index.html">API Docs</a>
</div>
<div class="menuitem">
<a href="jdiff/changes.html">API Changes</a>
</div>
<div class="menuitem">
<a href="http://wiki.apache.org/hadoop/">Wiki</a>
</div>
<div class="menuitem">
<a href="http://wiki.apache.org/hadoop/FAQ">FAQ</a>
</div>
<div class="menuitem">
<a href="releasenotes.html">Release Notes</a>
</div>
<div class="menuitem">
<a href="changes.html">Change Log</a>
</div>
</div>
<div id="credit"></div>
<div id="roundbottom">
<img style="display: none" class="corner" height="15" width="15" alt="" src="skin/images/rc-b-l-15-1body-2menu-3menu.png"></div>
<!--+
  |alternative credits
  +-->
<div id="credit2"></div>
</div>
<!--+
    |end Menu
    +-->
<!--+
    |start content
    +-->
<div id="content">
<div title="Portable Document Format" class="pdflink">
<a class="dida" href="hdfs_permissions_guide.pdf"><img alt="PDF -icon" src="skin/images/pdfdoc.gif" class="skin"><br>
        PDF</a>
</div>
<h1>
      HDFS Permissions Guide
    </h1>
<div id="minitoc-area">
<ul class="minitoc">
<li>
<a href="#Overview">Overview</a>
</li>
<li>
<a href="#User+Identity">User Identity</a>
</li>
<li>
<a href="#Understanding+the+Implementation">Understanding the Implementation</a>
</li>
<li>
<a href="#Changes+to+the+File+System+API">Changes to the File System API</a>
</li>
<li>
<a href="#Changes+to+the+Application+Shell">Changes to the Application Shell</a>
</li>
<li>
<a href="#The+Super-User">The Super-User</a>
</li>
<li>
<a href="#The+Web+Server">The Web Server</a>
</li>
<li>
<a href="#On-line+Upgrade">On-line Upgrade</a>
</li>
<li>
<a href="#Configuration+Parameters">Configuration Parameters</a>
</li>
</ul>
</div>
    
<a name="N1000D"></a><a name="Overview"></a>
<h2 class="h3">Overview</h2>
<div class="section">
<p>
                The Hadoop Distributed File System (HDFS) implements a permissions model for files and directories that shares much of the POSIX model. Each file and directory is associated with an <em>owner</em> and a <em>group</em>. The file or directory has separate permissions for the user that is the owner, for other users that are members of the group, and for all other users. For files, the <em>r</em> permission is required to read the file, and the <em>w</em> permission is required to write or append to the file. For directories, the <em>r</em> permission is required to list the contents of the directory, the <em>w</em> permission is required to create or delete files or directories, and the <em>x</em> permission is required to access a child of the directory. In contrast to the POSIX model, there are no <em>sticky</em>, <em>setuid</em> or <em>setgid</em> bits for files as there is no notion of executable files. For directories, there no <em>sticky</em>, <em>setuid</em> or <em>setgid</em> bits directory as a simplification. Collectively, the permissions of a file or directory are its <em>mode</em>. In general, Unix customs for representing and displaying modes will be used, including the use of octal numbers in this description. When a file or directory is created, its owner is the user identity of the client process, and its group is the group of the parent directory (the BSD rule).
        </p>
<p>
                Each client process that accesses HDFS has a two-part identity composed of the <em>user name</em>, and <em>groups list</em>. Whenever HDFS must do a permissions check for a file or directory <span class="codefrag">foo</span> accessed by a client process,
        </p>
<ul>
                
<li>
                   If the user name matches the owner of <span class="codefrag">foo</span>, then the owner permissions are tested;
                </li>
                
<li>
                   Else if the group of <span class="codefrag">foo</span> matches any of member of the groups list, then the group permissions are tested;
                </li>
                
<li>
                   Otherwise the other permissions of <span class="codefrag">foo</span> are tested.
                </li>
        
</ul>
<p>
                If a permissions check fails, the client operation fails.       
</p>
</div>


<a name="N10065"></a><a name="User+Identity"></a>
<h2 class="h3">User Identity</h2>
<div class="section">
<p>
In this release of Hadoop the identity of a client process is just whatever the host operating system says it is. For Unix-like systems,
</p>
<ul>

<li>
   The user name is the equivalent of <span class="codefrag">`whoami`</span>;
</li>

<li>
   The group list is the equivalent of <span class="codefrag">`bash -c groups`</span>.
</li>

</ul>
<p>
In the future there will be other ways of establishing user identity (think Kerberos, LDAP, and others). There is no expectation that this first method is secure in protecting one user from impersonating another. This user identity mechanism combined with the permissions model allows a cooperative community to share file system resources in an organized fashion.
</p>
<p>
In any case, the user identity mechanism is extrinsic to HDFS itself. There is no provision within HDFS for creating user identities, establishing groups, or processing user credentials.
</p>
</div>


<a name="N10083"></a><a name="Understanding+the+Implementation"></a>
<h2 class="h3">Understanding the Implementation</h2>
<div class="section">
<p>
Each file or directory operation passes the full path name to the name node, and the permissions checks are applied along the path for each operation. The client framework will implicitly associate the user identity with the connection to the name node, reducing the need for changes to the existing client API. It has always been the case that when one operation on a file succeeds, the operation might fail when repeated because the file, or some directory on the path, no longer exists. For instance, when the client first begins reading a file, it makes a first request to the name node to discover the location of the first blocks of the file. A second request made to find additional blocks may fail. On the other hand, deleting a file does not revoke access by a client that already knows the blocks of the file. With the addition of permissions, a client's access to a file may be withdrawn between requests. Again, changing permissions does not revoke the access of a client that already knows the file's blocks.
</p>
<p>
The map-reduce framework delegates the user identity by passing strings without special concern for confidentiality. The owner and group of a file or directory are stored as strings; there is no conversion from user and group identity numbers as is conventional in Unix.
</p>
<p>
The permissions features of this release did not require any changes to the behavior of data nodes. Blocks on the data nodes do not have any of the <em>Hadoop</em> ownership or permissions attributes associated with them.
</p>
</div>
     

<a name="N10096"></a><a name="Changes+to+the+File+System+API"></a>
<h2 class="h3">Changes to the File System API</h2>
<div class="section">
<p>
        All methods that use a path parameter will throw <span class="codefrag">AccessControlException</span> if permission checking fails.
</p>
<p>New methods:</p>
<ul>
        
<li>
                
<span class="codefrag">public FSDataOutputStream create(Path f, FsPermission permission, boolean overwrite, int bufferSize, short replication, long blockSize, Progressable progress) throws IOException;</span>
        
</li>
        
<li>
                
<span class="codefrag">public boolean mkdirs(Path f, FsPermission permission) throws IOException;</span>
        
</li>
        
<li>
                
<span class="codefrag">public void setPermission(Path p, FsPermission permission) throws IOException;</span>
        
</li>
        
<li>
                
<span class="codefrag">public void setOwner(Path p, String username, String groupname) throws IOException;</span>
        
</li>
        
<li>
                
<span class="codefrag">public FileStatus getFileStatus(Path f) throws IOException;</span> will additionally return the user, group and mode associated with the path.
        </li>


</ul>
<p>
The mode of a new file or directory is restricted my the <span class="codefrag">umask</span> set as a configuration parameter. When the existing <span class="codefrag">create(path, &hellip;)</span> method (<em>without</em> the permission parameter) is used, the mode of the new file is <span class="codefrag">666&thinsp;&amp;&thinsp;^umask</span>. When the new <span class="codefrag">create(path, </span><em>permission</em><span class="codefrag">, &hellip;)</span> method (<em>with</em> the permission parameter <em>P</em>) is used, the mode of the new file is <span class="codefrag">P&thinsp;&amp;&thinsp;^umask&thinsp;&amp;&thinsp;666</span>. When a new directory is created with the existing <span class="codefrag">mkdirs(path)</span> method (<em>without</em> the permission parameter), the mode of the new directory is <span class="codefrag">777&thinsp;&amp;&thinsp;^umask</span>. When the new <span class="codefrag">mkdirs(path, </span><em>permission</em> <span class="codefrag">)</span> method (<em>with</em> the permission parameter <em>P</em>) is used, the mode of new directory is <span class="codefrag">P&thinsp;&amp;&thinsp;^umask&thinsp;&amp;&thinsp;777</span>. 
</p>
</div>

     

<a name="N10100"></a><a name="Changes+to+the+Application+Shell"></a>
<h2 class="h3">Changes to the Application Shell</h2>
<div class="section">
<p>New operations:</p>
<dl>
        
<dt>
<span class="codefrag">chmod [-R]</span> <em>mode file &hellip;</em>
</dt>
        
<dd>
                Only the owner of a file or the super-user is permitted to change the mode of a file.
        </dd>
        
<dt>
<span class="codefrag">chgrp [-R]</span> <em>group file &hellip;</em>
</dt>
        
<dd>
                The user invoking <span class="codefrag">chgrp</span> must belong to the specified group and be the owner of the file, or be the super-user.
        </dd>
        
<dt>
<span class="codefrag">chown [-R]</span> <em>[owner][:[group]] file &hellip;</em>
</dt>
        
<dd>
                The owner of a file may only be altered by a super-user.
        </dd>
        
<dt>
<span class="codefrag">ls </span> <em>file &hellip;</em>
</dt>
<dd></dd>
        
<dt>
<span class="codefrag">lsr </span> <em>file &hellip;</em>
</dt>
        
<dd>
                The output is reformatted to display the owner, group and mode.
        </dd>

</dl>
</div>

     

<a name="N1013F"></a><a name="The+Super-User"></a>
<h2 class="h3">The Super-User</h2>
<div class="section">
<p>
        The super-user is the user with the same identity as name node process itself. Loosely, if you started the name node, then you are the super-user. The super-user can do anything in that permissions checks never fail for the super-user. There is no persistent notion of who <em>was</em> the super-user; when the name node is started the process identity determines who is the super-user <em>for now</em>. The HDFS super-user does not have to be the super-user of the name node host, nor is it necessary that all clusters have the same super-user. Also, an experimenter running HDFS on a personal workstation, conveniently becomes that installation's super-user without any configuration.
        </p>
<p>
        In addition, the administrator my identify a distinguished group using a configuration parameter. If set, members of this group are also super-users.
</p>
</div>


<a name="N10152"></a><a name="The+Web+Server"></a>
<h2 class="h3">The Web Server</h2>
<div class="section">
<p>
The identity of the web server is a configuration parameter. That is, the name node has no notion of the identity of the <em>real</em> user, but the web server behaves as if it has the identity (user and groups) of a user chosen by the administrator. Unless the chosen identity matches the super-user, parts of the name space may be invisible to the web server.</p>
</div>


<a name="N1015F"></a><a name="On-line+Upgrade"></a>
<h2 class="h3">On-line Upgrade</h2>
<div class="section">
<p>
If a cluster starts with a version 0.15 data set (<span class="codefrag">fsimage</span>), all files and directories will have owner <em>O</em>, group <em>G</em>, and mode <em>M</em>, where <em>O</em> and <em>G</em> are the user and group identity of the super-user, and <em>M</em> is a configuration parameter. </p>
</div>


<a name="N1017E"></a><a name="Configuration+Parameters"></a>
<h2 class="h3">Configuration Parameters</h2>
<div class="section">
<dl>
        
<dt>
<span class="codefrag">dfs.permissions = true </span>
</dt>
        
<dd>
                If <span class="codefrag">yes</span> use the permissions system as described here. If <span class="codefrag">no</span>, permission <em>checking</em> is turned off, but all other behavior is unchanged. Switching from one parameter value to the other does not change the mode, owner or group of files or directories.
                <p>
                
</p>
                Regardless of whether permissions are on or off, <span class="codefrag">chmod</span>, <span class="codefrag">chgrp</span> and <span class="codefrag">chown</span> <em>always</em> check permissions. These functions are only useful in the permissions context, and so there is no backwards compatibility issue. Furthermore, this allows administrators to reliably set owners and permissions in advance of turning on regular permissions checking.
        </dd>
        
<dt>
<span class="codefrag">dfs.web.ugi = webuser,webgroup</span>
</dt>
        
<dd>
                The user name to be used by the web server. Setting this to the name of the super-user allows any web client to see everything. Changing this to an otherwise unused identity allows web clients to see only those things visible using "other" permissions. Additional groups may be added to the comma-separated list.
        </dd>
        
<dt>
<span class="codefrag">dfs.permissions.supergroup = supergroup</span>
</dt>
        
<dd>
                The name of the group of super-users.
        </dd>
        
<dt>
<span class="codefrag">dfs.upgrade.permission = 777</span>
</dt>
        
<dd>
                The choice of initial mode during upgrade. The <em>x</em> permission is <em>never</em> set for files. For configuration files, the decimal value <em>511<sub>10</sub></em> may be used.
        </dd>
        
<dt>
<span class="codefrag">dfs.umask = 022</span>
</dt>
        
<dd>
                The <span class="codefrag">umask</span> used when creating files and directories. For configuration files, the decimal value <em>18<sub>10</sub></em> may be used.
        </dd>

</dl>
</div>

     
  
</div>
<!--+
    |end content
    +-->
<div class="clearboth">&nbsp;</div>
</div>
<div id="footer">
<!--+
    |start bottomstrip
    +-->
<div class="lastmodified">
<script type="text/javascript"><!--
document.write("Last Published: " + document.lastModified);
//  --></script>
</div>
<div class="copyright">
        Copyright &copy;
         2008 <a href="http://www.apache.org/licenses/">The Apache Software Foundation.</a>
</div>
<!--+
    |end bottomstrip
    +-->
</div>
</body>
</html>