Description
Submit a cluster entity as user "user1", schedule a feed entity as "user1". Now submit and schedule a feed entity as "user2" and feed submission can fail with the following error
Caused by: org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.AccessControlException): Permission denied: user=user2, access=WRITE, inode="/apps/falcon-user1/staging/falcon/workflows/feed":user1:falcon:drwxr-xr-x
at org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.checkFsPermission(FSPermissionChecker.java:271)
at org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.check(FSPermissionChecker.java:257)
at org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.check(FSPermissionChecker.java:238)
This is caused because Falcon creates <staging_dir>/falcon/workflows/feed and <staging_dir>/falcon/workflows/process only when a feed/process entity are scheduled. The owner of these dirs is the user scheduling the entity. The permissions are based on the default umask of the FS. If a new feed/process entity are being scheduled by a different user, things can fail.
Solution is to make <staging_dir>/falcon/workflows/feed and <staging_dir>/falcon/workflows/process owned by Falcon with permissions 777.
Attachments
Attachments
Issue Links
- is superceded by
-
FALCON-1649 777 permission issue on staging directory and on subdirectory
-
- Open
-
- links to
