Sorry, my mistake, you have to set the umask as 077 and restart name node. By default, the HDFS umask is 022, which means group and others have rx permissions. So regardless what you set in Ranger, all users will have read access. So you need to change the mask to 077, so by default group and others have no permissions.
The reason you need to run do chmod –R 000 one time is to reset all the permissions. So going forward all permission will be x00. Bosco From: Hafiz Mujadid <hafizmujadi...@gmail.com> Reply-To: <user@ranger.incubator.apache.org> Date: Monday, November 30, 2015 at 6:18 AM To: <user@ranger.incubator.apache.org> Subject: Re: Group level permission are not working in ranger Bosco, By the way, i could not understand the reason to perform above steps, can you explain them? thanks On Mon, Nov 30, 2015 at 7:16 PM, Hafiz Mujadid <hafizmujadi...@gmail.com> wrote: Bosco, I have followed above steps drwxr-xr-x - hduser hadoop 0 2015-11-30 18:49 /pg changed the umask so newly created folder or files have following permissions d---rwxrwx - asma hadoop 0 2015-11-30 19:03 /pg/b i changed the ownership of all folders in hdfs with hduser:hadoop ran the command hdfs dfs -chmod -R 000 /pg but still group level permissions are not working. my audits are not working, i am trying to figure out the issue with audits. i will let you know when audits are available. thanks On Mon, Nov 30, 2015 at 7:13 PM, Hafiz Mujadid <hafizmujadi...@gmail.com> wrote: Bosco, I have followed above steps drwxr-xr-x - hduser hadoop 0 2015-11-30 18:49 /pg changed the umask so newly created folder or files have following permissions d---rwxrwx - asma hadoop 0 2015-11-30 19:03 /pg/b i changed the ownership of all folders in hdfs with hduser:hadoop but still group level permissions are not working. my audits are not working, i am trying to figure out the issue with audits. i will let you know when audits are available. thanks On Mon, Nov 30, 2015 at 9:34 AM, Don Bosco Durai <bo...@apache.org> wrote: Can you check Ranger Audits? Also, do couple of things: 1. hdfs dfs -ls /pg (check the HDFS level permissions) 2. In HDFS settngs, set the umask to 700 and restart name node. 3. hdfs dfs -chown hdfs:hdfs /pg 4. hdfs dfs -chmod -R 000 /pg For all user folders, e.g. /app/hive, do #3 and #4 as above. Bosco From: Hafiz Mujadid <hafizmujadi...@gmail.com> Reply-To: <user@ranger.incubator.apache.org> Date: Sunday, November 29, 2015 at 8:29 PM To: <user@ranger.incubator.apache.org> Subject: Re: Group level permission are not working in ranger Yes Bosco, directory is being created. On Mon, Nov 30, 2015 at 2:47 AM, Don Bosco Durai <bo...@apache.org> wrote: What is happening here? Is the directory getting created? Thanks Bosco From: Hafiz Mujadid <hafizmujadi...@gmail.com> Reply-To: <user@ranger.incubator.apache.org> Date: Sunday, November 29, 2015 at 1:44 PM To: <user@ranger.incubator.apache.org> Subject: Group level permission are not working in ranger Hi all I am trying to apply permission on an ldap group but it's not working But when i run following command HADOOP_USER_NAME=asma hdfs dfs -mkdir /pg/b i works successfully what is the issue? ldap users and groups are synced correctly as when i run the command hdfs groups asma it returns correct group asma : datascientist -- Regards: HAFIZ MUJADID -- Regards: HAFIZ MUJADID -- Regards: HAFIZ MUJADID -- Regards: HAFIZ MUJADID