Configuring file and directory permissions for Hue

Per user home directories are created on HDFS when you create a new user in Hue, which the user can use to store and retrieve files using the Hue File Browser. You must either configure Hue to use the same permissions of the HDFS umask or use different permissions when a user creates files and directories from the Hue File Browser. It is recommended to define the home directory permissions before creating users in Hue.

When you set up CDP, you may have set a umask for all files and directories that would be created on HDFS using the fs.permissions.umask-mode parameter. The default HDFS umask is 0022. At this point, you can allow Hue to use the permisions as defined by HDFS umask or you can configure Hue to use a different set of permissions. This is controlled by the following two parameters in Hue: home_dir_permissions and use_home_dir_permissions. The use_home_dir_permissions parameter is set to true by default.

To allow Hue to create files and directories with permissions different than the HDFS umask, set the following in the Hue Service Advanced Configuration Snippet (Safety Valve) for hue_safety_valve.ini field in Cloudera Manager:
[useradmin]
home_dir_permissions=[***HUE-FILE-DIR-PERMISSIONS***]
use_home_dir_permissions=true
For example:
[useradmin]
home_dir_permissions=0700
use_home_dir_permissions=true
To allow Hue to use the same file and directory permissions as the HDFS umask, set the following in the Hue Service Advanced Configuration Snippet (Safety Valve) for hue_safety_valve.ini field in Cloudera Manager:
[useradmin]
use_home_dir_permissions=false

If you have not defined the home directory permissions in Hue by setting the value of the home_dir_permissions property in the Hue Advanced Configuration before creating users in Hue, then you can change the permissions for those users later to prevent unauthorized access.

  1. SSH in to the Hue server host as an Administrator.
  2. Run the following command to change the permission for a user:
    hdfs dfs -chmod 700 /user/[***USERNAME***]