Setting file system Permissions

The Data Fabric file system permissions are similar to the POSIX permissions model. Each file and directory is associated with a user (the owner) and a group. You can set read, write, and execute permissions separately for:

  • the owner of the file or directory.
  • members of the group associated with the file or directory.
  • all other users.

The permissions for a file or directory are called its mode. The mode of a file or directory can be expressed in two ways:

  • Text - a string that indicates the presence of the read (r), write (w), and execute (x) permission or their absence (-) for the owner, group, and other users respectively. Example: rwxr-xr-x
  • Octal - three octal digits (one each for the owner, group, and other users) that use individual bits to represent the three permissions. Example: 755

Both rwxr-xr-x and 755 represent the same mode; the owner has all permissions, and the group and other users have read and execute permissions only.

When you access the file system layer over NFS, the file-level permissions are controlled through the Linux interface by using the chmod (change mode) command or the chown (change owner) command, as well as the hadoop fs -chmod and hadoop fs -chown equivalents. For example:

chown jsmith /mapr/my.cluster.com/jsmith/fileA
hadoop fs -chown jsmith /mapr/my.cluster.com/jsmith/fileA
chmod 744 /mapr/my.cluster.com/jsmith/fileA
hadoop fs -chmod 744 /mapr/my.cluster.com/jsmith/fileA

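These commands make the user jsmith the owner of fileA and set its mode to 744, which grants the owner read, write, and execute privileges on fileA and leaves the group and other users with read access only.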
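The two mode notations, and the effect of a chmod, can be checked from the same Linux shell. The following is an added example, not part of the Data Fabric documentation: text_to_octal and audit_writable are hypothetical helper names, the scratch directory is constructed sample data, and stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the Data Fabric docs). Helper names are hypothetical.

# Convert a 9-character text mode such as rwxr-xr-x to its octal form (755).
# Special bits (setuid, setgid, sticky) are outside the scope of this sketch.
text_to_octal() {
    mode=$1
    case $mode in
        [r-][w-][x-][r-][w-][x-][r-][w-][x-]) ;;
        *) echo "not a 9-character rwx mode: $mode" >&2; return 1 ;;
    esac
    out=""
    while [ -n "$mode" ]; do
        triplet=$(printf '%s' "$mode" | cut -c1-3)   # owner, then group, then other
        mode=$(printf '%s' "$mode" | cut -c4-)
        digit=0
        case $triplet in r??) digit=$((digit + 4)) ;; esac
        case $triplet in ?w?) digit=$((digit + 2)) ;; esac
        case $triplet in ??x) digit=$((digit + 1)) ;; esac
        out="$out$digit"
    done
    echo "$out"
}

# List entries under $1 that the group or other users can write to.
# Prints "<octal mode> <path>" per hit; prints nothing when the tree is clean.
# Symbolic links are skipped because their own mode bits are not meaningful.
audit_writable() {
    find "$1" \( -perm -020 -o -perm -002 \) ! -type l \
        -exec stat -c '%a %n' {} + | sort -k2
}

# Constructed demo: a scratch directory stands in for a path under the NFS mount.
demo=$(mktemp -d)
touch "$demo/fileA" "$demo/shared"
chmod 744 "$demo/fileA"     # the mode used in the example above
chmod 666 "$demo/shared"    # writable by every user
text_to_octal rwxr--r--     # prints 744
audit_writable "$demo"      # reports only the 666 file
rm -rf "$demo"
```

Pointing audit_writable at a directory under the NFS mount lists the entries whose group or other write bits should be reviewed.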

Once you set file permissions, authorization checks are performed when a file is opened, and on every file access.

NOTE
To further protect your data, the Data Fabric file system data cache is never included in a file server core dump.