The ProxyUser command is used to authorize a user to perform operations such as accessing sensitive data on behalf of other users. This topic describes the common use scenarios of the ProxyUser command in OSS-HDFS.
Prerequisites
A Hadoop environment, Hadoop cluster, or Hadoop client is created. For more information about how to install Hadoop, see Step 2: Create a Hadoop runtime environment.
OSS-HDFS is enabled for specific buckets. For more information, see Enable OSS-HDFS and grant access permissions.
JindoSDK 4.5.0 or later is installed and configured. For more information, see Connect non-EMR clusters to OSS-HDFS.
Procedure
Configure environment variables.
Connect to an ECS instance. For more information, see Connect to an ECS instance.
Go to the bin directory of the installed JindoSDK JAR package.
cd jindosdk-x.x.x/bin/
Notex.x.x indicates the version number of the JindoSDK JAR package.
Grant read and write permissions to the
jindo-util
file in the bin directory.chmod 700 jindo-util
Rename the
jindo-util
file tojindo
.mv jindo-util jindo
Create a configuration file named
jindosdk.cfg
, and then add the following parameters to the configuration file.[common] Retain the following default configurations. logger.dir = /tmp/jindo-util/ logger.sync = false logger.consolelogger = false logger.level = 0 logger.verbose = 0 logger.cleaner.enable = true hadoopConf.enable = false [jindosdk] Specify the following parameters. <!-- In this example, the China (Hangzhou) region is used. Specify your actual region. --> fs.oss.endpoint = cn-hangzhou.oss-dls.aliyuncs.com <! -- Configure the AccessKey ID and AccessKey secret that is used to access OSS-HDFS. --> fs.oss.accessKeyId = LTAI******** fs.oss.accessKeySecret = KZo1********
Configure environment variables.
export JINDOSDK_CONF_DIR=<JINDOSDK_CONF_DIR>
Set <JINDOSDK_CONF_DIR> to the absolute path of the
jindosdk.cfg
configuration file.
Run the ProxyUser command to add, view, and delete proxy users.
Add a proxy user
Command syntax
./jindo admin -addProxyUser \ [-dlsUri <uri>] \ [-proxyUser <proxyUser>] \ [-users <user1,user2...>]|[-groups <group1,group2...>] \ [-hosts <host1,host2...>]
Example
You can run the following command to specify user1 as a proxy user for all users who belong to group1 and group2 and send requests from host1 and host2:
./jindo admin -addProxyUser \ -dlsUri oss://examplebucket.cn-shanghai.oss-dls.aliyuncs.com \ -proxyUser user1 \ -groups group1,group2 \ -hosts host1,host2
ImportantThe -user option cannot be specified together with the -group option in the same command.
View all proxy users and proxy information
Command syntax
./jindo admin -listProxyUsers \ [-dlsUri <dlsUri>] \ [-maxKeys <maxKeys>] \ [-marker <marker>]
The -maxKeys and-marker options are both optional.
The -maxKeys option is used to specify the number of proxy users that you want to query.
The -marker option is used to filter proxy users whose names contain a specific string.
Example
You can run the following command to query information about 10 proxy users whose names contain the test string in the path specified by <dlsUri>:
./jindo admin -listProxyUsers \ -dlsUri oss://examplebucket.cn-shanghai.oss-dls.aliyuncs.com \ -maxKeys 10 \ -marker test
Delete a proxy user
Command syntax
./jindo admin -deleteProxyUser \ [-dlsUri <uri>] \ [-proxyUser <proxyUser>]
Example
You can run the following command to delete a proxy user named user1. After user1 is deleted, user1 cannot be used as a proxy user for any users.
./jindo admin -deleteProxyUser \ -dlsUri oss://examplebucket.cn-shanghai.oss-dls.aliyuncs.com \ -proxyUser user1