AnsweredAssumed Answered

Unable to write to mapr volume even though ACEs and local permissions seem correct

Question asked by reedv on Mar 6, 2018
Latest reply on Mar 8, 2018 by chandra

I have a user with id

 

bash-4.2$ id
uid=5001(sdcuser) gid=5002(sdcuser) groups=5002(sdcuser),5000(mygroup)

 

The user has access authenticated access to the cluster, evidenced via my ability to run

 

bash-4.2$ hadoop mfs -ls /mapr/mycluster.cluster.local/parent/of/myvolume/
Found 1 items
vrwxr-xr-x Z E A 3 mapr mapr 0 2018-03-06 11:34 268435456 /mapr/uceramapr.cluster.local/data_repo_mt/sa_landing_archive/jabsom-pilot-brfss_sa
p jabsom-pilot-brfss_sa default 3209.32.131394 -> 3214.16.2 mapr002.ucera.local:5660 mapr001.ucera.local:5660 mapr005.ucera.local:5660

 

as the user (notice that the permissions for the volume are rwxr-xr-x, implying a lack of write permissions for the group). Yet when running

 

bash-4.2$ maprcli volume info -name myvolume -json

I can see

 

...
"limitspread":"true",
"partlyOutOfTopology":0,
"wireSecurity":1,
"auditVolume":0,
"audited":1,
"forceAudit":1,
"coalesceInterval":60,
"enableddataauditoperations":"setattr,chown,chperm,chgrp,getxattr,listxattr,setxattr,removexattr,read,write,create,delete,mkdir,readdir,rmdir,createsym,lookup,rename,createdev,truncate,tablecfcreate,tablecfdelete,tablecfmodify,tablecfScan,tableget,tableput,tablescan,tablecreate,tableinfo,tablemodify,getperm,getpathforfid,hardlink",
"disableddataauditoperations":"getattr",
"volumeAces":{
"writeAce":"g:mapr",
"readAce":"g:mapr"
},
...

 

indicating that the group that the user claims as a secondary group should actually have write permissionsThis however, does not seem to be the actual case as running 

bash-4.2$ touch test.txt
touch: cannot touch ‘test.txt’: Permission denied

shows that I am unable to write to the volume.

Outcomes