[ https://issues.apache.org/jira/browse/HADOOP-11321?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14218764#comment-14218764 ]
Chris Nauroth commented on HADOOP-11321:
----------------------------------------

The access denied error occurs in libwinutils.c, in {{ChangeFileModeByMask}}, when it calls the Windows API {{SetFileSecurity}} with a security descriptor containing the new discretionary access control list. The SMB share denies the {{WRITE_DAC}} right.

More details on those APIs are here:

http://msdn.microsoft.com/en-us/library/windows/desktop/aa379577(v=vs.85).aspx

http://msdn.microsoft.com/en-us/library/windows/desktop/aa374892(v=vs.85).aspx

> copyToLocal cannot save a file to an SMB share unless the user has Full Control permissions.
> --------------------------------------------------------------------------------------------
>
>                 Key: HADOOP-11321
>                 URL: https://issues.apache.org/jira/browse/HADOOP-11321
>             Project: Hadoop Common
>          Issue Type: Bug
>          Components: fs
>    Affects Versions: 2.6.0
>            Reporter: Chris Nauroth
>            Assignee: Chris Nauroth
>
> In Hadoop 2, it is impossible to use {{copyToLocal}} to copy a file from HDFS
> to a destination on an SMB share. This is because in Hadoop 2, the
> {{copyToLocal}} maps to 2 underlying {{RawLocalFileSystem}} operations:
> {{create}} and {{setPermission}}. On an SMB share, the user may be
> authorized for the {{create}} but denied for the {{setPermission}}. Windows
> denies the {{WRITE_DAC}} right required by {{setPermission}} unless the user
> has Full Control permissions. Granting Full Control isn't feasible for most
> deployments, because it's insecure. This is a regression from Hadoop 1,
> where {{copyToLocal}} only did a {{create}} and didn't do a separate
> {{setPermission}}.
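The two-step behaviour described in the issue, as an added example that is not code from Hadoop or libwinutils.c: a simplified, portable model of a DACL access check showing why {{create}} succeeds while {{setPermission}} is refused for a grant that lacks {{WRITE_DAC}}. It calls no Windows API; the mask values are those defined in winnt.h, while the name MODIFY_ACCESS, the integer stand-in for a SID and the sample DACLs are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Access-mask values as defined in the Windows SDK header winnt.h. */
#define FILE_ADD_FILE   0x00000002u /* create a file in a directory */
#define WRITE_DAC       0x00040000u /* replace the object's DACL */
#define FILE_ALL_ACCESS 0x001F01FFu /* shown in the UI as "Full Control" */
#define MODIFY_ACCESS   0x001301BFu /* "Modify"/"Change" level; name is ours, WRITE_DAC bit is clear */

enum ace_type { ACE_ALLOW, ACE_DENY };
struct ace { enum ace_type type; int sid; uint32_t mask; }; /* SID simplified to an int */

/* Simplified DACL walk: ACEs are read in order, a deny ACE covering a
 * still-needed right fails the request, allow ACEs satisfy rights. */
static int access_check(const struct ace *dacl, size_t n, int sid, uint32_t desired)
{
    uint32_t needed = desired;
    for (size_t i = 0; i < n && needed != 0; i++) {
        if (dacl[i].sid != sid) continue;
        if (dacl[i].type == ACE_DENY) { if (dacl[i].mask & needed) return 0; }
        else needed &= ~dacl[i].mask;
    }
    return needed == 0;
}

enum step { STEP_OK, STEP_CREATE_DENIED, STEP_SETPERMISSION_DENIED };

/* set_permission = 0 models Hadoop 1 (create only); 1 models Hadoop 2
 * (create, then setPermission, which needs WRITE_DAC). */
static enum step copy_to_local(const struct ace *dacl, size_t n, int sid, int set_permission)
{
    if (!access_check(dacl, n, sid, FILE_ADD_FILE)) return STEP_CREATE_DENIED;
    if (set_permission && !access_check(dacl, n, sid, WRITE_DAC))
        return STEP_SETPERMISSION_DENIED;
    return STEP_OK;
}

/* Constructed sample DACLs for a user represented by sid 1. */
static const struct ace MODIFY_DACL[] = { { ACE_ALLOW, 1, MODIFY_ACCESS } };
static const struct ace FULL_DACL[]   = { { ACE_ALLOW, 1, FILE_ALL_ACCESS } };
static const struct ace DENY_DACL[]   = { { ACE_DENY, 1, WRITE_DAC }, { ACE_ALLOW, 1, FILE_ALL_ACCESS } };

int main(void)
{
    printf("Hadoop 1, Modify grant:       %d\n", copy_to_local(MODIFY_DACL, 1, 1, 0));
    printf("Hadoop 2, Modify grant:       %d\n", copy_to_local(MODIFY_DACL, 1, 1, 1));
    printf("Hadoop 2, Full Control grant: %d\n", copy_to_local(FULL_DACL, 1, 1, 1));
    printf("Hadoop 2, WRITE_DAC denied:   %d\n", copy_to_local(DENY_DACL, 2, 1, 1));
    return 0;
}
```

The printed numbers are the {{enum step}} values: 0 for success, 2 for a refused {{setPermission}}.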