ZooKeeper ACLs Best Practices: HDFS
You must follow the best practices for tightening the ZooKeeper ACLs or permissions for HDFS when provisioning a secure cluster.
-
ZooKeeper Usage:
-
hadoop-ha: Default ZNode for unsecured and secured clusters.
-
-
Default ACLs:
-
In an unsecured deployment, the default ACL is
world: anyone: cdrwa -
In a secured deployment, the default ACL is
digest: hdfs-fcs: cdrwa
-
-
Security Best Practice ACLs/Permissions and Required Steps:
-
HDFS ZNodes are protected with digest authentication by default in a secure CDP cluster. You need not modify Zookeeper ACLs on HDFS ZNodes or alter any ACLs by hand.
-
