Just realized responding to wrong email On Tue, Dec 24, 2019 at 9:35 AM Reed Villanueva <[email protected]> wrote:
> Found the docs here ( > https://hadoop.apache.org/docs/r2.7.2/hadoop-project-dist/hadoop-common/Superusers.html). > Not much experience with HDFS admin, but > > In other words super is impersonating the user joe > > gives me some concern about security. Could anyone help allay these > concerns? > > On Tue, Dec 24, 2019 at 9:31 AM Reed Villanueva <[email protected]> > wrote: > >> Looking at more existing post here ( >> https://community.cloudera.com/t5/Support-Questions/Unauthorized-connection-for-super-user-root-from...) >> and here ( >> https://community.cloudera.com/t5/Support-Questions/File-View-Error-Unauthorized-connection-for-supe...) >> found that also needed to change >> >> hadoop.proxyuser.root.hosts=* >> >> Setting this in HDFS configs in ambari and restarting the required >> services seems to have fixed the problem. >> ------------------------------ >> >> Could anyone help explain this config a bit more or link to docs >> explaining exactly what it does / means (ie. I hope it does not imply that >> root / super-user privileges are conferred to other users accessing HDFS in >> any way)? >> >> On Mon, Dec 23, 2019 at 2:51 PM Reed Villanueva <[email protected]> >> wrote: >> >>> Is there any way for Ambari FileView or HDFS NFS Gateway to only show >>> users certain folders (eg. only thier /user/<username> folders)? My use >>> case is that I want to give easier access to HDFS to users (ie. not just >>> using "hadoop fs ..." CLI), but do not want them to be able to freely >>> explore the default HDFS root (especially since I am not sure if the >>> default permissions for the default folders in hdfs root are secure enough). >>> >>> >>> From the Ambari FileView side, is it possible to create a View that only >>> shows a select path of paths in HDFS? >>> >>> -------------------- >>> Any docs maybe on recommended security / permission configurations for >>> the default HDFS root folders? (I have ranger and AD/LDAP set up, but just >>> not sure how the default hdfs dirs should be secured). >>> >> -- This electronic message is intended only for the named recipient, and may contain information that is confidential or privileged. If you are not the intended recipient, you are hereby notified that any disclosure, copying, distribution or use of the contents of this message is strictly prohibited. If you have received this message in error or are not the named recipient, please notify us immediately by contacting the sender at the electronic mail address noted above, and delete and destroy all copies of this message. Thank you.
