hadoop-hdfs-issues mailing list archives

From "Hans Uhlig (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HDFS-4220) Augment AccessControlException to include both affected inode and attempted operation
Date Wed, 21 Nov 2012 03:28:59 GMT

    [ https://issues.apache.org/jira/browse/HDFS-4220?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13501686#comment-13501686 ]

Hans Uhlig commented on HDFS-4220:
----------------------------------

Example:

hive> select * from ba limit 10;
FAILED: RuntimeException org.apache.hadoop.security.AccessControlException: Permission denied:
user=huhlig, access=WRITE, inode="/":hdfs:hadoop:drwxr-xr-x
        at org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.check(FSPermissionChecker.java:205)
        at org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.check(FSPermissionChecker.java:186)
        at org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.checkPermission(FSPermissionChecker.java:135)
        at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.checkPermission(FSNamesystem.java:4547)
        at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.checkAncestorAccess(FSNamesystem.java:4518)
        at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.mkdirsInternal(FSNamesystem.java:2880)
        at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.mkdirsInt(FSNamesystem.java:2844)
        at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.mkdirs(FSNamesystem.java:2823)
        at org.apache.hadoop.hdfs.server.namenode.NameNodeRpcServer.mkdirs(NameNodeRpcServer.java:639)
        at org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolServerSideTranslatorPB.mkdirs(ClientNamenodeProtocolServerSideTranslatorPB.java:417)
        at org.apache.hadoop.hdfs.protocol.proto.ClientNamenodeProtocolProtos$ClientNamenodeProtocol$2.callBlockingMethod(ClientNamenodeProtocolProtos.java:44096)
        at org.apache.hadoop.ipc.ProtobufRpcEngine$Server$ProtoBufRpcInvoker.call(ProtobufRpcEngine.java:453)
        at org.apache.hadoop.ipc.RPC$Server.call(RPC.java:898)
        at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:1693)
        at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:1689)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Subject.java:396)
        at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1332)
        at org.apache.hadoop.ipc.Server$Handler.run(Server.java:1687)

This doesn't really explain what hive is trying to do in root or why it's writing to root for
a select.
                
> Augment AccessControlException to include both affected inode and attempted operation
> -------------------------------------------------------------------------------------
>
>                 Key: HDFS-4220
>                 URL: https://issues.apache.org/jira/browse/HDFS-4220
>             Project: Hadoop HDFS
>          Issue Type: Improvement
>          Components: hdfs client, name-node
>    Affects Versions: 2.0.2-alpha
>            Reporter: Hans Uhlig
>            Priority: Minor
>              Labels: documentation
>
> Currently, when any application that uses hdfs runs and hits a permissions wall, a message similar to the following is emitted.
> FAILED: RuntimeException org.apache.hadoop.security.AccessControlException: Permission denied: user=huhlig, access=WRITE, inode="/":hdfs:hadoop:drwxr-xr-x
> This provides a bit of information including who did what and where, but not what I tried to do. This makes debugging naughty or misconfigured applications difficult to debug.
> A preferable addition to this would follow inode
> FAILED: RuntimeException org.apache.hadoop.security.AccessControlException: Permission denied: user=huhlig, access=WRITE, inode="/":hdfs:hadoop:drwxr-xr-x, operation=mkdir:"/new/path/to/make"
> This would allow for easier tracing of applications like hive where they may hit odd file system spaces.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
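
Added example, not part of the original message or of Hadoop's code: a Python parser for the denial message quoted above that reports which permission class and bit caused the denial, and recovers the attempted operation from the NameNode stack frames, which is the detail the issue asks to have in the message itself. The function name `explain_denial`, its `user_groups` parameter, and the use of the `NameNodeRpcServer` and `FSNamesystem.check...Access` frames as markers are assumptions based only on the trace in this message.

```python
import re

# Denial message format as quoted in this thread; \s* tolerates archive line wraps.
DENIAL = re.compile(
    r'Permission\s+denied:\s*user=(?P<user>[^,\s]+),\s*access=(?P<access>[A-Z_]+),\s*'
    r'inode="(?P<path>[^"]*)":(?P<owner>[^:]+):(?P<group>[^:]+):(?P<mode>[-d][-rwxtT]{9})')
# NameNode RPC entry point: the method name is the operation the client requested.
RPC_FRAME = re.compile(r'NameNodeRpcServer\.(\w+)\(')
# Which relative of the target path was checked (Ancestor in the trace above).
CHECK_FRAME = re.compile(r'FSNamesystem\.check(\w+)Access\(')
BITS = {"READ": "r", "WRITE": "w", "EXECUTE": "x"}

# Taken from the message above, trimmed to the frames the parser uses.
SAMPLE = '''FAILED: RuntimeException org.apache.hadoop.security.AccessControlException: Permission denied:
user=huhlig, access=WRITE, inode="/":hdfs:hadoop:drwxr-xr-x
        at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.checkPermission(FSNamesystem.java:4547)
        at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.checkAncestorAccess(FSNamesystem.java:4518)
        at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.mkdirs(FSNamesystem.java:2823)
        at org.apache.hadoop.hdfs.server.namenode.NameNodeRpcServer.mkdirs(NameNodeRpcServer.java:639)
'''


def explain_denial(text, user_groups=()):
    """Return the denial as a dict, or None if text holds no denial message.

    user_groups is an assumption supplied by the caller: the message does not
    list the user's groups, so group membership cannot be read from the log.
    """
    m = DENIAL.search(text)
    if m is None:
        return None
    f = m.groupdict()
    perms = f["mode"][1:]
    # POSIX-style class selection: owner first, then group, then other.
    if f["user"] == f["owner"]:
        f["class"], f["triad"] = "owner", perms[0:3]
    elif f["group"] in user_groups:
        f["class"], f["triad"] = "group", perms[3:6]
    else:
        f["class"], f["triad"] = "other", perms[6:9]
    wanted = [BITS[a] for a in f["access"].split("_") if a in BITS]
    f["missing"] = [b for b in wanted if b not in f["triad"]]
    op, chk = RPC_FRAME.search(text), CHECK_FRAME.search(text)
    f["operation"] = op.group(1) if op else None
    f["check"] = chk.group(1) if chk else None
    return f


if __name__ == "__main__":
    print(explain_denial(SAMPLE))
```

For the trace in this message the result shows a `mkdirs` request denied on an ancestor check, which is why the reported inode is `/` rather than the directory being created.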
