Directories and files created by using the Hadoop FileSystem APIs on GPFS use default permissions
When creating directories and files by using the Hadoop FileSystem APIs, the created directories and files use the default permissions of 777. A non-administrative user can change the ownership of directories or files to another user.
Default permissions are applied when creating directories and files by using the Hadoop FileSystem APIs, and the umask settings are not effective.
The lack of permissions checks allow non-administrative users to change permissions and ownership of files that should have restricted access to administrator users only.
This problem does not occur when using Linux shell commands or Portable Operating System Interface (POSIX) APIs to directly interact with GPFS.
This problem occurs in InfoSphere BigInsights installations that use GPFS, when creating directories or files by using the Hadoop FileSystem APIs. These APIs are used by any application that interacts with the distributed file system, including the Hadoop File System shell commands, the InfoSphere BigInsights Console capabilities for creating directories and files, and the MapReduce framework.
Resolving the problem
Change the permissions for directories and files in GPFS to be restrictive, such as setting the permissions to 700. When users do not have permissions to access directories or files, the icon for setting permissions on the Files tab is disabled in the InfoSphere BigInsights Console. To request a patch for this problem, contact IBM Support.
Translate this page: