Step 14: Set the Sticky Bit on HDFS Directories

This step is optional but strongly recommended for security. In CDH 5, HDFS file permissions support the sticky bit. When the sticky bit is set on a directory, only the superuser, the directory owner, or the file owner can delete or move files within that directory. Setting the sticky bit on a file has no effect. This is useful for directories such as /tmp, which previously had to be set to be world-writable. To set the sticky bit on the /tmp directory, run the following commands:

 
$ sudo -u hdfs kinit -k -t hdfs.keytab hdfs/fully.qualified.domain.name@YOUR-REALM.COM
$ sudo -u hdfs hadoop fs -chmod 1777 /tmp 

After running this command, the permissions on /tmp will appear as shown below. (Note the "t" instead of the final "x".)

 
$ hadoop fs -ls / 
Found 2 items 
drwxrwxrwt - hdfs supergroup 0 2011-02-14 15:55 /tmp 
drwxr-xr-x - hdfs supergroup 0 2011-02-14 14:01 /user
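
To find other directories that need the same treatment, the following added example (not part of the original documentation) reads hadoop fs -ls output and reports world-writable directories that lack the sticky bit. The function names and the sample listing are constructed for illustration; /staging, /scratch and /notes.txt do not come from this page.

```shell
#!/bin/sh
# Added example: audit `hadoop fs -ls` output for world-writable
# directories that do not have the sticky bit set.

# Reads a listing on stdin and prints one offending path per line.
find_unsticky_world_writable() {
    awk '
        # Only directory entries start with "d"; this skips the
        # "Found N items" header and regular files.
        /^d/ {
            perms   = $1
            other_w = substr(perms, 9, 1)    # write bit for "other"
            last    = substr(perms, 10, 1)   # x, -, t (sticky) or T (sticky, no x)
            if (other_w == "w" && last != "t" && last != "T") {
                # Columns: perms, replication, owner, group, size, date, time, path.
                # Rejoin fields 8..NF so paths containing a space survive.
                path = $8
                for (i = 9; i <= NF; i++) path = path " " $i
                print path
            }
        }'
}

# Constructed sample listing in the format shown above.
sample_listing() {
    cat <<'EOF'
Found 5 items
drwxrwxrwt   - hdfs supergroup          0 2011-02-14 15:55 /tmp
drwxr-xr-x   - hdfs supergroup          0 2011-02-14 14:01 /user
drwxrwxrwx   - hdfs supergroup          0 2011-02-14 14:05 /staging
drwxrwxrwT   - hdfs supergroup          0 2011-02-14 14:07 /scratch
-rw-rw-rw-   3 hdfs supergroup       1024 2011-02-14 14:06 /notes.txt
EOF
}

# Only /staging is reported: /tmp and /scratch already have the sticky
# bit, /user is not world-writable, and /notes.txt is a file.
sample_listing | find_unsticky_world_writable
```

On a live cluster, pipe the real listing into the function instead of the sample, for example: hadoop fs -ls / | find_unsticky_world_writable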