是不是使用了Ranger Plugin呢? On Wed, Sep 15, 2021 at 10:26 igyu <i...@21cn.com> wrote:
> > 我的hadoop启用了kerberos 并与ldap集成 > > 我用kinit 切到jztwk上去创建了一个目录 /user/jztwk > 然后我用kinit 切到testldap上去删除/user/jztwk 竟然删除成功了。这个不是应该提示权限不对吗 > > drwxr-xr-x - jztwk supergroup 0 2021-09-14 17:46 /user/jztwk > drwxr-xr-x - zeppelin supergroup 0 2021-04-12 16:33 > /user/zeppelin > drwxr-xr-x - read_hive read_hive 0 2021-05-19 15:20 > /user/read_hive > > 然而我去删除/user/read_hive , /user/zeppelin都提示权限不足 > > jzyc@bigdser4:/hadoop/app$ hadoop fs -rm -r /user/zeppelin > rm: Failed to move to trash: hdfs://nameservice1/user/zeppelin: Permission > denied: user=testldap, access=ALL, > inode="/user/zeppelin":zeppelin:supergroup:drwxr-xr-x > jzyc@bigdser4:/hadoop/app$ hadoop fs -rm -r /user/read_hive > rm: Failed to move to trash: hdfs://nameservice1/user/read_hive: > Permission denied: user=testldap, access=ALL, > inode="/user/read_hive":read_hive:read_hive:drwxr-xr-x > > jzyc@bigdser4:/hadoop/app$ id testldap > uid=90001(testldap) gid=90001(testldap) groups=90001(testldap) > jzyc@bigdser4:/hadoop/app$ hdfs groups testldap > testldap : testldap > > testldap也不在超级用户组里啊,jztwk才是超级用户组。所以我不明白是怎么回事了 > > > igyu >
