1.开启权限配置
修改hdfs-site.xml配置文件,添加:1
2
3
4<property>
<name>dfs.namenode.acls.enabled</name>
<value>true</value>
</property>
重启hdfs
2.查看目录权限1
bin/hdfs dfs -getfacl [-R] /path
[-R]可选
3.设置权限1
2
3
4
5
6
7
8
9
10
11
12
13hdfs dfs -setfacl [-R] [-b|-k -m|-x <acl_spec> <path>]|[--set <acl_spec> <path>]
<!-- COMMAND OPTIONS
<path>: Path to the file or directory for which ACLs should be set.
-R: Use this option to recursively list ACLs for all files and directories.
-b: Revoke all permissions except the base ACLs for user, groups and others.
-k: Remove the default ACL.
-m: Add new permissions to the ACL with this option. Does not affect existing permissions.
-x: Remove only the ACL specified.
<acl_spec>: Comma-separated list of ACL permissions.
--set: Use this option to completely replace the existing ACL for the path specified.
Previous ACL entries will no longer apply.
-->
例子:
在指定路径下,给用户ben赋予rw权限1
hdfs dfs -setfacl -m user:ben:rw- /user/hdfs/file
取消用户alice权限1
hdfs dfs -setfacl -x user:alice /user/hdfs/file
给用户hadoop赋予rw权限,给目录所属组,以及其他用户赋予r只读权限1
hdfs dfs -setfacl --set user::rw-,user:hadoop:rw-,group::r--,other::r-- /user/hdfs/file
注:mask的作用是做一层过滤,用户真正的权限是:用户显示的权限 与 mask权限的并集。 mask权限可以由chmod来进行修改。默认值随着setfacl指令而扩展。