This is documentation for MapR Version 5.0. You can also refer to MapR documentation for the latest release.

Skip to end of metadata
Go to start of metadata

MapR manages permissions using two mechanisms:

  • Cluster and volume permissions use access control lists (ACLs), which specify actions particular users are allowed to perform on a certain cluster or volume
  • MapR-FS permissions control access to directories and files in a manner similar to Linux file permissions. To manage permissions, you must have fc permissions.

Cluster and Volume Permissions

Cluster and volume permissions use ACLs, which you can edit using the MapR Control System or the acl commands.

Cluster Permissions

The following table lists the actions a user can perform on a cluster, and the corresponding codes used in the cluster ACL.

Code

Allowed Action

login

Log in to the MapR Control System, use the API and command-line interface, read access on cluster and volumes

ss

Start/stop services

cv

Create volumes

a

Administrative access (can edit and view ACLs, but cannot perform cluster operations)

fc

Full control over the cluster. This enables all cluster-related administrative options with the exception of changing the cluster ACLs.

Setting Cluster Permissions

You can modify cluster permissions using the acl set and acl edit commands, or using the MapR Control System.

To add cluster permissions using the MapR Control System:

  1. Expand the System Settings Views group and click Permissions to display the Edit Permissions dialog.
  2. Click [ + Add Permission ] to add a new row. Each row lets you assign permissions to a single user or group.
  3. Type the name of the user or group in the empty text field:
    • If you are adding permissions for a user, type u:<user>, replacing <user> with the username.
    • If you are adding permissions for a group, type g:<group>, replacing <group> with the group name.
  4. Click the Open Arrow ( ) to expand the Permissions dropdown.
  5. Select the permissions you want to grant to the user or group.
  6. Click OK to save the changes.

To remove cluster permissions using the MapR Control System:

  1. Expand the System Settings Views group and click Permissions to display the Edit Permissions dialog.
  2. Remove the desired permissions:
  3. To remove all permissions for a user or group:
    • Click the delete button ( ) next to the corresponding row.
  4. To change the permissions for a user or group:
    • Click the Open Arrow ( ) to expand the Permissions dropdown.
    • Unselect the permissions you wish to revoke from the user or group.
  5. Click OK to save the changes.

Volume Permissions

By default, the root user and the volume creator have full control permissions on the volume. The following table lists the actions a user can perform on a volume, and the corresponding codes used in the volume ACL.

Code

Allowed Action

dump

Dump or back up the volume

restore

Mirror or restore the volume

m

Modify volume properties, create and delete snapshots

d

Delete a volume

aAdministrator (can edit and view ACLs, but cannot perform volume operations)

fc

Full control over the volume (this enables all volume-related administrative options with the exception of changing the volume ACLs)

To mount or unmount volumes under a directory, the user must have read/write permissions on the directory (see MapR-FS Permissions).

You can set volume permissions using the acl edit and acl set commands, or using the MapR Control System.

To add volume permissions using the MapR Control System:

  1. Expand the MapR-FS group and click Volumes.
    • To create a new volume and set permissions, click New Volume to display the New Volume dialog.
    • To edit permissions on a existing volume, click the volume name to display the Volume Properties dialog.
  2. In the Permissions section, click [ + Add Permission ] to add a new row. Each row lets you assign permissions to a single user or group.
  3. Type the name of the user or group in the empty text field:
    • If you are adding permissions for a user, type u:<user>, replacing <user> with the username.
    • If you are adding permissions for a group, type g:<group>, replacing <group> with the group name.
  4. Click the Open Arrow ( ) to expand the Permissions dropdown.
  5. Select the permissions you wish to grant to the user or group.
  6. Click OK to save the changes.

To remove volume permissions using the MapR Control System:

  1. Expand the MapR-FS group and click Volumes.
  2. Click the volume name to display the Volume Properties dialog.
  3. Remove the desired permissions:
  4. To remove all permissions for a user or group:
    • Click the delete button ( ) next to the corresponding row.
  5. To change the permissions for a user or group:
    • Click the Open Arrow ( ) to expand the Permissions dropdown.
    • Unselect the permissions you wish to revoke from the user or group.
  6. Click OK to save the changes.

MapR-FS Permissions

MapR-FS permissions are similar to the POSIX permissions model. Each file and directory is associated with a user (the owner) and a group. You can set read, write, and execute permissions separately for:

  • The owner of the file or directory
  • Members of the group associated with the file or directory
  • All other users.

The permissions for a file or directory are called its mode. The mode of a file or directory can be expressed in two ways:

  • Text - a string that indicates the presence of the read (r), write (w), and execute (x) permission or their absence (-) for the owner, group, and other users respectively. Example:
    rwxr-xr-x
  • Octal - three octal digits (for the owner, group, and other users), that use individual bits to represent the three permissions. Example:
    755

Both rwxr-xr-x and 755 represent the same mode: the owner has all permissions, and the group and other users have read and execute permissions only.

Text Modes

String modes are constructed from the characters in the following table.

Text

Description

u

The file's owner.

g

The group associated with the file or directory.

o

Other users (users that are not the owner, and not in the group).

a

All (owner, group and others).

=

Assigns the permissions Example: "a=rw" sets read and write permissions and disables execution for all.

-

Removes a specific permission. Example: "a-x" revokes execution permission from all users without changing read and write permissions.

+

Adds a specific permission. Example: "a+x" grants execution permission to all users without changing read and write permissions.

r

Read permission

w

Write permission

x

Execute permission

Octal Modes

To construct each octal digit, add together the values for the permissions you wish to grant:

  • Read: 4
  • Write: 2
  • Execute: 1

Syntax

You can change the modes of directories and files in the MapR storage using either the hadoop fs command with the -chmod option, or using the chmod command via NFS. The syntax for both commands is similar:

  • hadoop fs -chmod [-R] <MODE>[,<MODE>]... | <OCTALMODE> <URI> [<URI> ...]
  • chmod [-R] <MODE>[,<MODE>]... | <OCTALMODE> <URI> [<URI> ...]

Parameters and Options

Parameter/Option

Description

-R

If specified, this option applies the new mode recursively throughout the directory structure.

MODE

A string that specifies a mode.

OCTALMODE

A three-digit octal number that specifies the new mode for the file or directory.

URI

A relative or absolute path to the file or directory for which to change the mode.

Examples

The following examples are all equivalent:

  • chmod 755 script.sh
  • chmod u=rwx,g=rx,o=rx script.sh
  • chmod u=rwx,go=rx script.sh
  • No labels