
CDH5.4: user name problem when creating a directory with hadoop fs -mkdir test on the command line

hapjin posted on 2015-10-9 10:24:53
[cdhfive@master ~]$ hadoop fs -mkdir /user/test
mkdir: Permission denied: user=cdhfive, access=WRITE, inode="/user":hdfs:supergroup:drwxr-xr-x
This fails with an error. After specifying hdfs with sudo -u hdfs, the directory is created successfully.
[cdhfive@master ~]$ sudo -u hdfs hadoop fs -mkdir /user/test
[sudo] password for cdhfive:
[cdhfive@master ~]$ hadoop fs -ls /user/
drwxr-xr-x   - hdfs    supergroup          0 2015-10-09 10:21 /user/test


Why does the test directory created on HDFS have the user name hdfs and the group supergroup?

My user name on the local Linux machine is cdhfive, so when I then run hadoop fs -put examples_dir /user/test from the local command line, I get a permission error.


hapjin posted on 2015-10-9 10:48:31
Hadoop supports two different modes of operation to determine the user's identity, specified by the hadoop.security.authentication property:
    simple
    In this mode of operation, the identity of a client process is determined by the host operating system. On Unix-like systems, the user name is the equivalent of `whoami`.
    kerberos
    In Kerberized operation, the identity of a client process is determined by its Kerberos credentials.

The configuration in my core-site.xml:
<name>hadoop.security.authentication </name>
<value>simple</value>

hapjin posted on 2015-10-9 10:51:02
Last edited by hapjin on 2015-10-9 10:53

For HDFS, the mapping of users to groups is performed on the NameNode. Thus, the host system configuration of the NameNode determines the group mappings for the users.

Note that HDFS stores the user and group of a file or directory as strings; there is no conversion from user and group identity numbers as is conventional in Unix.

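For HDFS, the mapping of users to groups is performed on the NameNode, so the NameNode's configuration determines the mapping. Also, HDFS does not identify users and groups by numbers the way Unix does; it stores the user and group of a file or directory as strings.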

hapjin posted on 2015-10-9 11:02:02
The client framework will implicitly associate the user identity with the connection to the name node, reducing the need for changes to the existing client API. It has always been the case that when one operation on a file succeeds, the operation might fail when repeated because the file, or some directory on the path, no longer exists.

Again, changing permissions does not revoke the access of a client that already knows the file's blocks.
So if you previously had access to a block and the permissions are changed afterwards, you still have access to that block???

hapjin posted on 2015-10-9 11:27:18
An ACL provides a way to set different permissions for specific named users or named groups, not only the file's owner and the file's group.

By default, support for ACLs is disabled, and the NameNode disallows creation of ACLs. To enable support for ACLs, set dfs.namenode.acls.enabled to true in the NameNode configuration.

The configuration in my hdfs-site.xml: <name>dfs.namenode.acls.enabled </name>
<value>false</value>
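
Added example (not part of the original thread): a Python model of the owner/group/other check behind the error in the first post, which is the only check in play with ACLs disabled as in the last reply. The group list given for cdhfive and the super-user names `hdfs` / `supergroup` are assumptions taken from the listing shown in the thread.

```python
import re

# Constructed sample: the error line from the first post.
ERROR = ('mkdir: Permission denied: user=cdhfive, access=WRITE, '
         'inode="/user":hdfs:supergroup:drwxr-xr-x')

DENIED = re.compile(
    r'Permission denied: user=(?P<user>[^,]+), access=(?P<access>[A-Z_]+), '
    r'inode="(?P<path>[^"]*)":(?P<owner>[^:]+):(?P<group>[^:]+):'
    r'(?P<mode>[d-][rwxtT-]{9})')

def parse_denied(line):
    """Split an HDFS 'Permission denied' message into its fields."""
    m = DENIED.search(line)
    if m is None:
        raise ValueError("not an HDFS permission-denied message")
    return m.groupdict()

def allowed(user, groups, owner, group, mode, access,
            superuser="hdfs", supergroup="supergroup"):
    """Mode-bit check on string names, as HDFS applies it without ACLs.

    superuser/supergroup values are assumptions (see lead-in). Exactly one
    class applies: owner, else group, else other.
    """
    if user == superuser or supergroup in groups:
        return True                          # the super-user is never denied
    bits = mode[1:].replace("t", "x")        # drop type char; 't' implies x
    if user == owner:
        triplet = bits[0:3]
    elif group in groups:
        triplet = bits[3:6]
    else:
        triplet = bits[6:9]
    parts = access.split("_")                # e.g. READ_EXECUTE
    need = "rwx" if access == "ALL" else "".join(
        c for n, c in (("READ", "r"), ("WRITE", "w"), ("EXECUTE", "x")) if n in parts)
    return all(c in triplet for c in need)

def explain(line, groups):
    """Re-run the check described by a denied message for the given groups."""
    f = parse_denied(line)
    return allowed(f["user"], groups, f["owner"], f["group"], f["mode"], f["access"])

if __name__ == "__main__":
    # cdhfive falls into the "other" class on /user, which has no w bit
    print(explain(ERROR, ["cdhfive"]))
    # /user/test made via sudo -u hdfs is hdfs:supergroup drwxr-xr-x as well
    print(allowed("cdhfive", ["cdhfive"], "hdfs", "supergroup", "drwxr-xr-x", "WRITE"))
    # if the directory's owner string were cdhfive, the owner triplet applies
    print(allowed("cdhfive", ["cdhfive"], "cdhfive", "supergroup", "drwxr-xr-x", "WRITE"))
```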