## HDFS File Permissions

Let us go through file permissions in HDFS.

* As we create the files, we can check the permissions on them using `-ls` command.
* Typically the owner of the user space will have **rwx**, while members of the group specified as well as others have **r-x**.
* **rwx** stands for read, write and execute while **r-x** stands for only read and execute permissions.
* We can change the permissions using `hadoop fs -chmod` or `hdfs dfs -chmod`. However one can change the permissions of their own files.
* We can specify permissions mode (e.g.: `+x` to grant execute access to owner, group as well as others) as well as octal mode (e.g.: 755 to grant rwx for owner, rx for group and others)

If you are not familiar with linux command chmod, we would highly recommend you to spend some time to get detailed understanding of it as it is very important with respect to file permissions.

In [1]:
%%sh

hdfs dfs -ls /user/${USER}/retail_db

Found 6 items
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/categories
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/customers
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/departments
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/order_items
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/orders
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/products


* Granting write permissions on the folder to others.

In [2]:
%%sh

hdfs dfs -chmod -R o+w /user/${USER}/retail_db/orders

In [3]:
%%sh

hdfs dfs -ls /user/${USER}/retail_db

Found 6 items
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/categories
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/customers
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/departments
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/order_items
drwxr-xrwx   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/orders
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/products


* Granting write permissions on the folder to group.

In [4]:
%%sh

hdfs dfs -chmod -R g+w /user/${USER}/retail_db/order_items

In [5]:
%%sh

hdfs dfs -ls /user/${USER}/retail_db

Found 6 items
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/categories
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/customers
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/departments
drwxrwxr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/order_items
drwxr-xrwx   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/orders
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/products


* We can remove write permissions for every one.

In [6]:
%%sh

hdfs dfs -chmod -R -w /user/${USER}/retail_db/orders

In [7]:
%%sh

hdfs dfs -ls /user/${USER}/retail_db

Found 6 items
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/categories
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/customers
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/departments
drwxrwxr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/order_items
dr-xr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/orders
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/products


* No files can be copied to the folder or can be deleted from the folder. Below command will fail.

In [8]:
%%sh

hdfs dfs -rm /user/${USER}/retail_db/orders/part-00000

rm: Failed to move to trash: hdfs://m01.itversity.com:9000/user/itv002461/retail_db/orders/part-00000: Permission denied: user=itv002461, access=WRITE, inode="/user/itv002461/retail_db/orders":itv002461:supergroup:dr-xr-xr-x


CalledProcessError: Command 'b'\nhdfs dfs -rm /user/${USER}/retail_db/orders/part-00000\n'' returned non-zero exit status 1.

In [9]:
%%sh

hdfs dfs -chmod -R -w /user/${USER}/retail_db/order_items

In [10]:
%%sh

hdfs dfs -ls /user/${USER}/retail_db

Found 6 items
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/categories
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/customers
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/departments
dr-xr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/order_items
dr-xr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/orders
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/products


* Adding write permissions only to owner. Now the owner will be able to delete the file, but others cannot.

In [11]:
%%sh

hdfs dfs -chmod -R u+w /user/${USER}/retail_db/orders

In [12]:
%%sh

hdfs dfs -rm /user/${USER}/retail_db/orders/part-00000

2022-05-26 03:07:39,930 INFO fs.TrashPolicyDefault: Moved: 'hdfs://m01.itversity.com:9000/user/itv002461/retail_db/orders/part-00000' to trash at: hdfs://m01.itversity.com:9000/user/itv002461/.Trash/Current/user/itv002461/retail_db/orders/part-00000


In [13]:
%%sh

hdfs dfs -chmod -R u+w /user/${USER}/retail_db/order_items

In [14]:
%%sh

hdfs dfs -ls /user/${USER}/retail_db

Found 6 items
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/categories
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/customers
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/departments
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/order_items
drwxr-xr-x   - itv002461 supergroup          0 2022-05-26 03:07 /user/itv002461/retail_db/orders
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/products


* Let us go through the details using octal format.

In [15]:
%%sh

hdfs dfs -ls /user/${USER}/retail_db

Found 6 items
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/categories
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/customers
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/departments
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/order_items
drwxr-xr-x   - itv002461 supergroup          0 2022-05-26 03:07 /user/itv002461/retail_db/orders
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/products


* Granting write permissions on the folder to others. We can set these permissions for owner, group and other.

|Binary Value|Permissions Mode|Decimal Value
|---|---|---|
|000|---|0|
|001|--x|1|
|010|-w-|2|
|011|-wx|3|
|100|r--|4|
|101|r-x|5|
|110|rw-|6|
|111|rwx|7|


* Granting write permissions on the folder to others.

In [16]:
%%sh

hdfs dfs -chmod -R 757  /user/${USER}/retail_db/orders

In [17]:
%%sh

hdfs dfs -ls /user/${USER}/retail_db

Found 6 items
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/categories
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/customers
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/departments
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/order_items
drwxr-xrwx   - itv002461 supergroup          0 2022-05-26 03:07 /user/itv002461/retail_db/orders
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/products


* Granting write permissions on the folder to group.

In [None]:
%%sh

hdfs dfs -chmod -R 775 /user/${USER}/retail_db/order_items

In [None]:
%%sh

hdfs dfs -ls /user/${USER}/retail_db

* We can remove write permissions for every one.

In [18]:
%%sh

hdfs dfs -chmod -R 555 /user/${USER}/retail_db/orders

In [19]:
%%sh

hdfs dfs -chmod -R 555 /user/${USER}/retail_db/order_items

In [20]:
%%sh

hdfs dfs -ls /user/${USER}/retail_db

Found 6 items
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/categories
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/customers
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/departments
dr-xr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/order_items
dr-xr-xr-x   - itv002461 supergroup          0 2022-05-26 03:07 /user/itv002461/retail_db/orders
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/products


* Adding write permissions only to owner.

In [21]:
%%sh

hdfs dfs -chmod -R 755 /user/${USER}/retail_db/orders

In [22]:
%%sh

hdfs dfs -chmod -R 755 /user/${USER}/retail_db/order_items

In [23]:
%%sh

hdfs dfs -ls /user/${USER}/retail_db

Found 6 items
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/categories
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/customers
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/departments
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/order_items
drwxr-xr-x   - itv002461 supergroup          0 2022-05-26 03:07 /user/itv002461/retail_db/orders
drwxr-xr-x   - itv002461 supergroup          0 2022-05-25 10:30 /user/itv002461/retail_db/products
