Return-Path: 
 <dev-return-27912-apmail-hive-dev-archive=hive.apache.org@hive.apache.org>
X-Original-To: apmail-hive-dev-archive@www.apache.org
Delivered-To: apmail-hive-dev-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 3D45D71C0
	for <apmail-hive-dev-archive@www.apache.org>;
 Mon,  7 Nov 2011 05:11:15 +0000 (UTC)
Received: (qmail 15526 invoked by uid 500); 7 Nov 2011 05:11:14 -0000
Delivered-To: apmail-hive-dev-archive@hive.apache.org
Received: (qmail 15495 invoked by uid 500); 7 Nov 2011 05:11:14 -0000
Mailing-List: contact dev-help@hive.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:dev-help@hive.apache.org>
List-Unsubscribe: <mailto:dev-unsubscribe@hive.apache.org>
List-Post: <mailto:dev@hive.apache.org>
List-Id: <dev.hive.apache.org>
Reply-To: dev@hive.apache.org
Delivered-To: mailing list dev@hive.apache.org
Received: (qmail 15478 invoked by uid 500); 7 Nov 2011 05:11:13 -0000
Delivered-To: apmail-hadoop-hive-dev@hadoop.apache.org
Received: (qmail 15475 invoked by uid 99); 7 Nov 2011 05:11:13 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 07 Nov 2011 05:11:13 +0000
X-ASF-Spam-Status: No, hits=-2001.2 required=5.0
	tests=ALL_TRUSTED,RP_MATCHES_RCVD
X-Spam-Check-By: apache.org
Received: from [140.211.11.116] (HELO hel.zones.apache.org) (140.211.11.116)
    by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 07 Nov 2011 05:11:11 +0000
Received: from hel.zones.apache.org (hel.zones.apache.org [140.211.11.116])
	by hel.zones.apache.org (Postfix) with ESMTP id 82F78383DE
	for <hive-dev@hadoop.apache.org>; Mon,  7 Nov 2011 05:10:51 +0000 (UTC)
Date: Mon, 7 Nov 2011 05:10:51 +0000 (UTC)
From: "Alex Holmes (Created) (JIRA)" <jira@apache.org>
To: hive-dev@hadoop.apache.org
Message-ID: 
 <1779557601.5737.1320642651537.JavaMail.tomcat@hel.zones.apache.org>
Subject: [jira] [Created] (HIVE-2554) Hive authorization with remote
 metastore does not work
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394

Hive authorization with remote metastore does not work
------------------------------------------------------

                 Key: HIVE-2554
                 URL: https://issues.apache.org/jira/browse/HIVE-2554
             Project: Hive
          Issue Type: Bug
          Components: Security
    Affects Versions: 0.7.1
         Environment: CentOS release 5.7
Hadoop 0.20.2 (pseudo-distributed mode)
            Reporter: Alex Holmes


*Install Hadoop 0.20.2*

#  Explode Hadoop 0.20.2 tarball
#  Configure for pseudo-distributed mode from [Hadoop site|http://hadoop.apache.org/common/docs/r0.20.2/quickstart.html#PseudoDistributed]
#  Create user "hadoop"
#  Start all Hadoop daemons as user hadoop

*Install Hive 0.7.1*

#  Explode Hive 0.7.1 tarball
#  Create user "hive"
#  Configure Hive to run with remote metastore, and with authentication.  Contents of hive-site.xml are:
{code}
<configuration>
<property>
  <name>hive.metastore.local</name>
  <value>false</value>
</property>
<property>
  <name>hive.metastore.uris</name>
  <value>thrift://localhost:9083</value>
</property>
<property>
 <name>hive.security.authorization.enabled</name>
 <value>true</value>
</property>
</configuration>
{code}
# Create and open-up the Hive-related directories in HDFS
hadoop fs -mkdir /user/hive/warehouse
hadoop fs -chmod -R 777 /user/hive/warehouse
hadoop fs -mkdir /tmp
hadoop fs -chmod -R 777 /tmp


*Run the metastore*
./hive --service metastore

*Run the hive client*

The exception below is thrown regardless of which user is running the metastore and client (tried as both the hive and hadoop users, and combinations thereof).

{code}
./hive
hive> set hive.security.authorization.enabled=false;
hive> CREATE TABLE pokes (foo INT, bar STRING) ROW FORMAT DELIMITED FIELDS TERMINATED BY '-' STORED AS TEXTFILE;
OK
hive> LOAD DATA LOCAL INPATH '/tmp/foobar.txt' OVERWRITE INTO TABLE pokes;
Copying data from file:/tmp/foobar.txt
Copying file: file:/tmp/foobar.txt
Loading data to table default.pokes
Deleted hdfs://localhost:9000/user/hive/warehouse/pokes
OK
Time taken: 0.443 seconds
hive> grant select on table pokes to user hive;
OK
Time taken: 0.191 seconds
hive> set hive.security.authorization.enabled=true;
hive> show grant user hive on table pokes;
OK

database	default	
table	pokes	
principalName	hive	
principalType	USER	
privilege	Select	
grantTime	1320642081	
grantor	hadoop	
Time taken: 0.084 seconds
hive> select * from pokes;
FAILED: Hive Internal Error: org.apache.hadoop.hive.ql.metadata.HiveException(org.apache.thrift.TApplicationException: get_privilege_set failed: unknown result)
org.apache.hadoop.hive.ql.metadata.HiveException: org.apache.thrift.TApplicationException: get_privilege_set failed: unknown result
	at org.apache.hadoop.hive.ql.metadata.Hive.get_privilege_set(Hive.java:1617)
	at org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider.authorizeUserPriv(DefaultHiveAuthorizationProvider.java:201)
	at org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider.authorizeUserAndDBPriv(DefaultHiveAuthorizationProvider.java:226)
	at org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider.authorizeUserDBAndTable(DefaultHiveAuthorizationProvider.java:259)
	at org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider.authorize(DefaultHiveAuthorizationProvider.java:159)
	at org.apache.hadoop.hive.ql.Driver.doAuthorization(Driver.java:531)
	at org.apache.hadoop.hive.ql.Driver.compile(Driver.java:393)
	at org.apache.hadoop.hive.ql.Driver.run(Driver.java:736)
	at org.apache.hadoop.hive.cli.CliDriver.processCmd(CliDriver.java:164)
	at org.apache.hadoop.hive.cli.CliDriver.processLine(CliDriver.java:241)
	at org.apache.hadoop.hive.cli.CliDriver.main(CliDriver.java:456)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.apache.hadoop.util.RunJar.main(RunJar.java:156)
Caused by: org.apache.thrift.TApplicationException: get_privilege_set failed: unknown result
	at org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$Client.recv_get_privilege_set(ThriftHiveMetastore.java:2414)
	at org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$Client.get_privilege_set(ThriftHiveMetastore.java:2379)
	at org.apache.hadoop.hive.metastore.HiveMetaStoreClient.get_privilege_set(HiveMetaStoreClient.java:1042)
	at org.apache.hadoop.hive.ql.metadata.Hive.get_privilege_set(Hive.java:1615)
	... 15 more
{code}


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira