<li><ahref="#Security_model_and_operations">Security model and operations</a></li>
<li><ahref="#Commands_of_limited_value">Commands of limited value</a></li></ul>
<h1>Overview</h1>
<p>The File System (FS) shell includes various shell-like commands that directly interact with the Hadoop Distributed File System (HDFS) as well as other file systems that Hadoop supports, such as Local FS, WebHDFS, S3 FS, and others. The FS shell is invoked by:</p>
<divclass="source">
<divclass="source">
<pre>bin/hadoop fs <args>
</pre></div></div>
<p>All FS shell commands take path URIs as arguments. The URI format is <code>scheme://authority/path</code>. For HDFS the scheme is <code>hdfs</code>, and for the Local FS the scheme is <code>file</code>. The scheme and authority are optional. If not specified, the default scheme specified in the configuration is used. An HDFS file or directory such as /parent/child can be specified as <code>hdfs://namenodehost/parent/child</code> or simply as <code>/parent/child</code> (given that your configuration is set to point to <code>hdfs://namenodehost</code>).</p>
<p>Most of the commands in FS shell behave like corresponding Unix commands. Differences are described with each of the commands. Error information is sent to stderr and the output is sent to stdout.</p>
<p>If HDFS is being used, <code>hdfs dfs</code> is a synonym.</p>
<p>Relative paths can be used. For HDFS, the current working directory is the HDFS home directory <code>/user/<username></code> that often has to be created manually. The HDFS home directory can also be implicitly accessed, e.g., when using the HDFS trash folder, the <code>.Trash</code> directory in the home directory.</p>
<p>See the <ahref="./CommandsManual.html">Commands Manual</a> for generic shell options.</p><section>
<p>Append single src, or multiple srcs from local file system to the destination file system. Also reads input from stdin and appends to destination file system.</p>
<p>Usage: <code>hadoop fs -chgrp [-R] GROUP URI [URI ...]</code></p>
<p>Change group association of files. The user must be the owner of files, or else a super-user. Additional information is in the <ahref="../hadoop-hdfs/HdfsPermissionsGuide.html">Permissions Guide</a>.</p>
<p>Options</p>
<ul>
<li>The -R option will make the change recursively through the directory structure.</li>
<p>Change the permissions of files. With -R, make the change recursively through the directory structure. The user must be the owner of the file, or else a super-user. Additional information is in the <ahref="../hadoop-hdfs/HdfsPermissionsGuide.html">Permissions Guide</a>.</p>
<p>Options</p>
<ul>
<li>The -R option will make the change recursively through the directory structure.</li>
</ul></section><section>
<h2><aname="chown"></a>chown</h2>
<p>Usage: <code>hadoop fs -chown [-R] [OWNER][:[GROUP]] URI [URI ]</code></p>
<p>Change the owner of files. The user must be a super-user. Additional information is in the <ahref="../hadoop-hdfs/HdfsPermissionsGuide.html">Permissions Guide</a>.</p>
<p>Options</p>
<ul>
<li>The -R option will make the change recursively through the directory structure.</li>
</ul></section><section>
<h2><aname="copyFromLocal"></a>copyFromLocal</h2>
<p>Identical to the -put command.</p></section><section>
<h2><aname="copyToLocal"></a>copyToLocal</h2>
<p>Identical to the -get command.</p></section><section>
<p>Count the number of directories, files and bytes under the paths that match the specified file pattern. Get the quota and the usage. The output columns with -count are: DIR_COUNT, FILE_COUNT, CONTENT_SIZE, PATHNAME</p>
<p>The -u and -q options control what columns the output contains. -q means show quotas, -u limits the output to show quotas and usage only.</p>
<p>The -t option shows the quota and usage for each storage type. The -t option is ignored if -u or -q option is not given. The list of possible parameters that can be used in -t option(case insensitive except the parameter ""): "", “all”, “ram_disk”, “ssd”, “disk” or “archive”.</p>
<p>The -h option shows sizes in human readable format.</p>
<p>The -v option displays a header line.</p>
<p>The -x option excludes snapshots from the result calculation. Without the -x option (default), the result is always calculated from all INodes, including all snapshots under the given path. The -x option is ignored if -u or -q option is given.</p>
<p>The -e option shows the erasure coding policy for each file.</p>
<p>The ERASURECODING_POLICY is name of the policy for the file. If an erasure coding policy is set on that file, it will return the name of the policy. Otherwise, it will return "Replicated" which means it uses the replication storage strategy.</p>
<p>The -s option shows the snapshot counts for each directory.</p>
<p>Copy files from source to destination. This command allows multiple sources as well in which case the destination must be a directory.</p>
<p>‘raw.*’ namespace extended attributes are preserved if (1) the source and destination filesystems support them (HDFS only), and (2) all source and destination pathnames are in the /.reserved/raw hierarchy. Determination of whether raw.* namespace xattrs are preserved is independent of the -p (preserve) flag.</p>
<p>Options:</p>
<ul>
<li><code>-f</code> : Overwrite the destination if it already exists.</li>
<li><code>-d</code> : Skip creation of temporary file with the suffix <code>._COPYING_</code>.</li>
<li><code>-p</code> : Preserve file attributes [topax](timestamps, ownership, permission, ACL, XAttr). If -p is specified with no <i>arg</i>, then preserves timestamps, ownership, permission. If -pa is specified, then preserves permission also because ACL is a super-set of permission. Determination of whether raw namespace extended attributes are preserved is independent of the -p flag.</li>
<li><code>-t <thread count></code> : Number of threads to be used, default is 1. Useful when copying directories containing more than 1 file.</li>
<li><code>-q <thread pool queue size></code> : Thread pool queue size to be used, default is 1024. It takes effect only when thread count greater than 1.</li>
<p>Displays sizes of files and directories contained in the given directory or the length of a file in case its just a file.</p>
<p>Options:</p>
<ul>
<li>The -s option will result in an aggregate summary of file lengths being displayed, rather than the individual files. Without the -s option, calculation is done by going 1-level deep from the given path.</li>
<li>The -h option will format file sizes in a “human-readable” fashion (e.g 64.0m instead of 67108864)</li>
<li>The -v option will display the names of columns as a header line.</li>
<li>The -x option will exclude snapshots from the result calculation. Without the -x option (default), the result is always calculated from all INodes, including all snapshots under the given path.</li>
</ul>
<p>The du returns three columns with the following format:</p>
<p>Permanently delete files in checkpoints older than the retention threshold from trash directory, and create new checkpoint.</p>
<p>When checkpoint is created, recently deleted files in trash are moved under the checkpoint. Files in checkpoints older than <code>fs.trash.interval</code> will be permanently deleted on the next invocation of <code>-expunge</code> command.</p>
<p>If the file system supports the feature, users can configure to create and delete checkpoints periodically by the parameter stored as <code>fs.trash.checkpoint.interval</code> (in core-site.xml). This value should be smaller or equal to <code>fs.trash.interval</code>.</p>
<p>If the <code>-immediate</code> option is passed, all files in the trash for the current user are immediately deleted, ignoring the <code>fs.trash.interval</code> setting.</p>
<p>If the <code>-fs</code> option is passed, the supplied filesystem will be expunged, rather than the default filesystem and checkpoint is created.</p>
<p>Refer to the <ahref="../hadoop-hdfs/HdfsDesign.html#File_Deletes_and_Undeletes">HDFS Architecture guide</a> for more information about trash feature of HDFS.</p></section><section>
<p>Finds all files that match the specified expression and applies selected actions to them. If no <i>path</i> is specified then defaults to the current working directory. If no expression is specified then defaults to -print.</p>
<p>The following primary expressions are recognised:</p>
<ul>
<li>
<p>-name pattern<br/>-iname pattern</p>
<p>Evaluates as true if the basename of the file matches the pattern using standard file system globbing. If -iname is used then the match is case insensitive.</p>
</li>
<li>
<p>-print<br/>-print0</p>
<p>Always evaluates to true. Causes the current pathname to be written to standard output. If the -print0 expression is used then an ASCII NULL character is appended.</p>
</li>
</ul>
<p>The following operators are recognised:</p>
<ul>
<li>expression -a expression<br/>expression -and expression<br/>expression expression
<p>Logical AND operator for joining two expressions. Returns true if both child expressions return true. Implied by the juxtaposition of two expressions and so does not need to be explicitly specified. The second expression will not be applied if the first fails.</p></li>
</ul>
<p>Example:</p>
<p><code>hadoop fs -find / -name test -print</code></p>
<p>Exit Code:</p>
<p>Returns 0 on success and -1 on error.</p></section><section>
<p>Copy files to the local file system. Files that fail the CRC check may be copied with the -ignoreCrc option. Files and CRCs may be copied using the -crc option.</p>
<p>Options:</p>
<ul>
<li><code>-p</code> : Preserves access and modification times, ownership and the permissions. (assuming the permissions can be propagated across filesystems)</li>
<li><code>-f</code> : Overwrites the destination if it already exists.</li>
<li><code>-ignoreCrc</code> : Skip CRC checks on the file(s) downloaded.</li>
<li><code>-crc</code>: write CRC checksums for the files downloaded.</li>
<li><code>-t <thread count></code> : Number of threads to be used, default is 1. Useful when downloading directories containing more than 1 file.</li>
<li><code>-q <thread pool queue size></code> : Thread pool queue size to be used, default is 1024. It takes effect only when thread count greater than 1.</li>
<p>Displays the Access Control Lists (ACLs) of files and directories. If a directory has a default ACL, then getfacl also displays the default ACL.</p>
<p>Options:</p>
<ul>
<li>-R: List the ACLs of all files and directories recursively.</li>
<li><i>path</i>: File or directory to list.</li>
</ul>
<p>Examples:</p>
<ul>
<li><code>hadoop fs -getfacl /file</code></li>
<li><code>hadoop fs -getfacl -R /dir</code></li>
</ul>
<p>Exit Code:</p>
<p>Returns 0 on success and non-zero on error.</p></section><section>
<p>Displays the extended attribute names and values (if any) for a file or directory.</p>
<p>Options:</p>
<ul>
<li>-R: Recursively list the attributes for all files and directories.</li>
<li>-n name: Dump the named extended attribute value.</li>
<li>-d: Dump all extended attribute values associated with pathname.</li>
<li>-e <i>encoding</i>: Encode values after retrieving them. Valid encodings are “text”, “hex”, and “base64”. Values encoded as text strings are enclosed in double quotes ("), and values encoded as hexadecimal and base64 are prefixed with 0x and 0s, respectively.</li>
<p>Takes a source directory and a destination file as input and concatenates files in src into the destination local file. Optionally -nl can be set to enable adding a newline character (LF) at the end of each file. -skip-empty-file can be used to avoid unwanted newline characters in case of empty files.</p>
<p>Displays a “Not implemented yet” message.</p></section><section>
<h2><aname="mv"></a>mv</h2>
<p>Usage: <code>hadoop fs -mv URI [URI ...] <dest></code></p>
<p>Moves files from source to destination. This command allows multiple sources as well in which case the destination needs to be a directory. Moving files across file systems is not permitted.</p>
<p>Copy single src, or multiple srcs from local file system to the destination file system. Also reads input from stdin and writes to destination file system if the source is set to “-”</p>
<p>Copying fails if the file already exists, unless the -f flag is given.</p>
<p>Options:</p>
<ul>
<li><code>-p</code> : Preserves access and modification times, ownership and the permissions. (assuming the permissions can be propagated across filesystems)</li>
<li><code>-f</code> : Overwrites the destination if it already exists.</li>
<li><code>-l</code> : Allow DataNode to lazily persist the file to disk, Forces a replication factor of 1. This flag will result in reduced durability. Use with care.</li>
<li><code>-d</code> : Skip creation of temporary file with the suffix <code>._COPYING_</code>.</li>
<li><code>-t <thread count></code> : Number of threads to be used, default is 1. Useful when uploading directories containing more than 1 file.</li>
<li><code>-q <thread pool queue size></code> : Thread pool queue size to be used, default is 1024. It takes effect only when thread count greater than 1.</li>
<p>If trash is enabled, file system instead moves the deleted file to a trash directory (given by <ahref="../../api/org/apache/hadoop/fs/FileSystem.html">FileSystem#getTrashRoot</a>).</p>
<p>Currently, the trash feature is disabled by default. User can enable trash by setting a value greater than zero for parameter <code>fs.trash.interval</code> (in core-site.xml).</p>
<p>See <ahref="#expunge">expunge</a> about deletion of files in trash.</p>
<p>Options:</p>
<ul>
<li>The -f option will not display a diagnostic message or modify the exit status to reflect an error if the file does not exist.</li>
<li>The -R option deletes the directory and any content under it recursively.</li>
<li>The -r option is equivalent to -R.</li>
<li>The -skipTrash option will bypass trash, if enabled, and delete the specified file(s) immediately. This can be useful when it is necessary to delete files from an over-quota directory.</li>
<li>The -safely option will require safety confirmation before deleting directory with total number of files greater than <code>hadoop.shell.delete.limit.num.files</code> (in core-site.xml, default: 100). It can be used with -skipTrash to prevent accidental deletion of large directories. Delay is expected when walking over large directory recursively to count the number of files to be deleted before the confirmation.</li>
<p>Sets Access Control Lists (ACLs) of files and directories.</p>
<p>Options:</p>
<ul>
<li>-b: Remove all but the base ACL entries. The entries for user, group and others are retained for compatibility with permission bits.</li>
<li>-k: Remove the default ACL.</li>
<li>-R: Apply operations to all files and directories recursively.</li>
<li>-m: Modify ACL. New entries are added to the ACL, and existing entries are retained.</li>
<li>-x: Remove specified ACL entries. Other ACL entries are retained.</li>
<li><code>--set</code>: Fully replace the ACL, discarding all existing entries. The <i>acl_spec</i> must include entries for user, group, and others for compatibility with permission bits. If the ACL spec contains only access entries, then the existing default entries are retained. If the ACL spec contains only default entries, then the existing access entries are retained. If the ACL spec contains both access and default entries, then both are replaced.</li>
<li><i>acl_spec</i>: Comma separated list of ACL entries.</li>
<li><i>path</i>: File or directory to modify.</li>
<p>Returns 0 on success and non-zero on error.</p></section><section>
<h2><aname="setfattr"></a>setfattr</h2>
<p>Usage: <code>hadoop fs -setfattr -n name [-v value] | -x name <path></code></p>
<p>Sets an extended attribute name and value for a file or directory.</p>
<p>Options:</p>
<ul>
<li>-n name: The extended attribute name.</li>
<li>-v value: The extended attribute value. There are three different encoding methods for the value. If the argument is enclosed in double quotes, then the value is the string inside the quotes. If the argument is prefixed with 0x or 0X, then it is taken as a hexadecimal number. If the argument begins with 0s or 0S, then it is taken as a base64 encoding.</li>
<p>Changes the replication factor of a file. If <i>path</i> is a directory then the command recursively changes the replication factor of all files under the directory tree rooted at <i>path</i>. The EC files will be ignored when executing this command.</p>
<p>Options:</p>
<ul>
<li>The -w flag requests that the command wait for the replication to complete. This can potentially take a very long time.</li>
<li>The -R flag is accepted for backwards compatibility. It has no effect.</li>
<p>Print statistics about the file/directory at <path> in the specified format. Format accepts permissions in octal (%a) and symbolic (%A), filesize in bytes (%b), type (%F), group name of owner (%g), name (%n), block size (%o), replication (%r), user name of owner(%u), access date(%x, %X), and modification date (%y, %Y). %x and %y show UTC date as “yyyy-MM-dd HH:mm:ss”, and %X and %Y show milliseconds since January 1, 1970 UTC. If the format is not specified, %y is used by default.</p>
<p>Updates the access and modification times of the file specified by the URI to the current time. If the file does not exist, then a zero length file is created at URI with current time as the timestamp of that URI.</p>
<ul>
<li>Use -a option to change only the access time</li>
<li>Use -m option to change only the modification time</li>
<li>Use -t option to specify timestamp (in format yyyyMMdd:HHmmss) instead of current time</li>
<li>Use -c option to not create file if it does not exist</li>
</ul>
<p>The timestamp format is as follows * yyyy Four digit year (e.g. 2018) * MM Two digit month of the year (e.g. 08 for month of August) * dd Two digit day of the month (e.g. 01 for first day of the month) * HH Two digit hour of the day using 24 hour notation (e.g. 23 stands for 11 pm, 11 stands for 11 am) * mm Two digit minutes of the hour * ss Two digit seconds of the minute e.g. 20180809:230000 represents August 9th 2018, 11pm</p>
<p>Unlike a normal filesystem, renaming files and directories in an object store usually takes time proportional to the size of the objects being manipulated. As many of the filesystem shell operations use renaming as the final stage in operations, skipping that stage can avoid long delays.</p>
<p>In particular, the <code>put</code> and <code>copyFromLocal</code> commands should both have the <code>-d</code> options set for a direct upload.</p>
<p>The copy operation reads each file and then writes it back to the object store; the time to complete depends on the amount of data to copy, and the bandwidth in both directions between the local computer and the object store.</p>
<p><b>The further the computer is from the object store, the longer the copy takes</b></p></section><section>
<p>The <code>rm</code> command will delete objects and directories full of objects. If the object store is <i>eventually consistent</i>, <code>fs ls</code> commands and other accessors may briefly return the details of the now-deleted objects; this is an artifact of object stores which cannot be avoided.</p>
<p>If the filesystem client is configured to copy files to a trash directory, this will be in the bucket; the <code>rm</code> operation will then take time proportional to the size of the data. Furthermore, the deleted files will continue to incur storage costs.</p>
<p>To avoid this, use the <code>-skipTrash</code> option.</p>
<p>Data moved to the <code>.Trash</code> directory can be purged using the <code>expunge</code> command. As this command only works with the default filesystem, it must be configured to make the default filesystem the target object store.</p>
<p>If an object store is <i>eventually consistent</i>, then any operation which overwrites existing objects may not be immediately visible to all clients/queries. That is: later operations which query the same object’s status or contents may get the previous object. This can sometimes surface within the same client, while reading a single object.</p>
<p>Avoid having a sequence of commands which overwrite objects and then immediately work on the updated data; there is a risk that the previous data will be used instead.</p></section><section>
<h2><aname="Timestamps"></a>Timestamps</h2>
<p>Timestamps of objects and directories in Object Stores may not follow the behavior of files and directories in HDFS.</p>
<olstyle="list-style-type: decimal">
<li>The creation and initial modification times of an object will be the time it was created on the object store; this will be at the end of the write process, not the beginning.</li>
<li>The timestamp will be taken from the object store infrastructure’s clock, not that of the client.</li>
<li>If an object is overwritten, the modification time will be updated.</li>
<li>Directories may or may not have valid timestamps. They are unlikely to have their modification times updated when an object underneath is updated.</li>
<li>The <code>atime</code> access time feature is not supported by any of the object stores found in the Apache Hadoop codebase.</li>
</ol>
<p>Consult the <code>DistCp</code> documentation for details on how this may affect the <code>distcp -update</code> operation.</p></section><section>
<h2><aname="Security_model_and_operations"></a>Security model and operations</h2>
<p>The security and permissions models of object stores are usually very different from those of a Unix-style filesystem; operations which query or manipulate permissions are generally unsupported.</p>
<p>Operations to which this applies include: <code>chgrp</code>, <code>chmod</code>, <code>chown</code>, <code>getfacl</code>, and <code>setfacl</code>. The related attribute commands <code>getfattr</code> and<code>setfattr</code> are also usually unavailable.</p>
<ul>
<li>
<p>Filesystem commands which list permission and user/group details, usually simulate these details.</p>
</li>
<li>
<p>Operations which try to preserve permissions (example <code>fs -put -p</code>) do not preserve permissions for this reason. (Special case: <code>wasb://</code>, which preserves permissions but does not enforce them).</p>
</li>
</ul>
<p>When interacting with read-only object stores, the permissions found in “list” and “stat” commands may indicate that the user has write access, when in fact they do not.</p>
<p>Object stores usually have permissions models of their own, models can be manipulated through store-specific tooling. Be aware that some of the permissions which an object store may provide (such as write-only paths, or different permissions on the root path) may be incompatible with the Hadoop filesystem clients. These tend to require full read and write access to the entire object store bucket/container into which they write data.</p>
<p>As an example of how permissions are mocked, here is a listing of Amazon’s public, read-only bucket of Landsat images:</p>
<li>All files are listed as having full read/write permissions.</li>
<li>All directories appear to have full <code>rwx</code> permissions.</li>
<li>The replication count of all files is “1”.</li>
<li>The owner of all files and directories is declared to be the current user (<code>mapred</code>).</li>
<li>The timestamp of all directories is actually that of the time the <code>-ls</code> operation was executed. This is because these directories are not actual objects in the store; they are simulated directories based on the existence of objects under their paths.</li>
</ol>
<p>When an attempt is made to delete one of the files, the operation fails —despite the permissions shown by the <code>ls</code> command:</p>
<p>This demonstrates that the listed permissions cannot be taken as evidence of write access; only object manipulation can determine this.</p>
<p>Note that the Microsoft Azure WASB filesystem does allow permissions to be set and checked, however the permissions are not actually enforced. This feature offers the ability for a HDFS directory tree to be backed up with DistCp, with its permissions preserved, permissions which may be restored when copying the directory back into HDFS. For securing access to the data in the object store, however, Azure’s <aclass="externalLink"href="https://azure.microsoft.com/en-us/documentation/articles/storage-security-guide/">own model and tools must be used</a>.</p></section><section>
<h2><aname="Commands_of_limited_value"></a>Commands of limited value</h2>
<p>Here is the list of shell commands which generally have no effect —and may actually fail.</p>
<tableborder="0"class="bodyTable">
<thead>
<trclass="a">
<th> command </th>
<th> limitations </th></tr>
</thead><tbody>
<trclass="b">
<td><code>appendToFile</code></td>
<td> generally unsupported </td></tr>
<trclass="a">
<td><code>checksum</code></td>
<td> the usual checksum is “NONE”</td></tr>
<trclass="b">
<td><code>chgrp</code></td>
<td> generally unsupported permissions model; no-op </td></tr>
<trclass="a">
<td><code>chmod</code></td>
<td> generally unsupported permissions model; no-op</td></tr>
<trclass="b">
<td><code>chown</code></td>
<td> generally unsupported permissions model; no-op </td></tr>
<trclass="a">
<td><code>createSnapshot</code></td>
<td> generally unsupported </td></tr>
<trclass="b">
<td><code>deleteSnapshot</code></td>
<td> generally unsupported </td></tr>
<trclass="a">
<td><code>df</code></td>
<td> default values are normally displayed </td></tr>
<trclass="b">
<td><code>getfacl</code></td>
<td> may or may not be supported </td></tr>
<trclass="a">
<td><code>getfattr</code></td>
<td> generally supported </td></tr>
<trclass="b">
<td><code>renameSnapshot</code></td>
<td> generally unsupported </td></tr>
<trclass="a">
<td><code>setfacl</code></td>
<td> generally unsupported permissions model </td></tr>
<trclass="b">
<td><code>setfattr</code></td>
<td> generally unsupported permissions model </td></tr>
<trclass="a">
<td><code>setrep</code></td>
<td> has no effect </td></tr>
<trclass="b">
<td><code>truncate</code></td>
<td> generally unsupported </td></tr>
<trclass="a">
<td><code>concat</code></td>
<td> generally unsupported </td></tr>
</tbody>
</table>
<p>Different object store clients <i>may</i> support these commands: do consult the documentation and test against the target store.</p></section>
