hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Thejas M Nair (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HIVE-6907) HiveServer2 - wrong user gets used for metastore operation with embedded metastore
Date Tue, 15 Apr 2014 10:28:17 GMT

    [ https://issues.apache.org/jira/browse/HIVE-6907?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13969412#comment-13969412
] 

Thejas M Nair commented on HIVE-6907:
-------------------------------------

I ran some tests to verify it works with doAs=false and no proxy user setting for the hive
server2 process user. (Also added some logging to verify that this code path is used - which
was useful as it reminded me that this code path doesn't get used with hive 0.12 jdbc driver!)

I have verified that this patch works with unsecure mode, but I haven't yet verified the behavior
with kerberos secured cluster.

{code}
beeline> !connect jdbc:hive2://localhost:10000/ user fakepwd org.apache.hive.jdbc.HiveDriver
Connecting to jdbc:hive2://localhost:10000/
Connected to: Apache Hive (version 0.13.0)
Driver: Hive JDBC (version 0.13.0)
Transaction isolation: TRANSACTION_REPEATABLE_READ

0: jdbc:hive2://localhost:10000/> set hive.server2.enable.doAs;                       
                              
+---------------------------------+
|               set               |
+---------------------------------+
| hive.server2.enable.doAs=false  |
+---------------------------------+
1 row selected (0.007 seconds)
0: jdbc:hive2://localhost:10000/> set hadoop.proxyuser.hive.groups;                   
                              
+--------------------------------------------+
|                    set                     |
+--------------------------------------------+
| hadoop.proxyuser.hive.groups is undefined  |
+--------------------------------------------+
1 row selected (0.009 seconds)
0: jdbc:hive2://localhost:10000/> set hadoop.proxyuser.hive.hosts;    
+-------------------------------------------+
|                    set                    |
+-------------------------------------------+
| hadoop.proxyuser.hive.hosts is undefined  |
+-------------------------------------------+
1 row selected (0.007 seconds)
0: jdbc:hive2://localhost:10000/> set hadoop.proxyuser.oozie.hosts;
+---------------------------------+
|               set               |
+---------------------------------+
| hadoop.proxyuser.oozie.hosts=*  |
+---------------------------------+
1 row selected (0.007 seconds)
0: jdbc:hive2://localhost:10000/> select count(*) from sample_07 ;                    
                              
+------+
| _c0  |
+------+
| 823  |
+------+

{code}

> HiveServer2 - wrong user gets used for metastore operation with embedded metastore
> ----------------------------------------------------------------------------------
>
>                 Key: HIVE-6907
>                 URL: https://issues.apache.org/jira/browse/HIVE-6907
>             Project: Hive
>          Issue Type: Bug
>          Components: HiveServer2
>    Affects Versions: 0.13.0
>            Reporter: Thejas M Nair
>            Assignee: Thejas M Nair
>            Priority: Blocker
>             Fix For: 0.13.0
>
>         Attachments: HIVE-6907.1.patch, HIVE-6907.2.patch, HIVE-6907.3.patch
>
>
> When queries are being run concurrently against HS2, sometimes the wrong user ends performing
the metastore action and you get an error like - 
> {code}
> ..INFO|java.sql.SQLException: Error while processing statement: FAILED: Execution Error,
return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. MetaException(message:java.security.AccessControlException:
action WRITE not permitted on path hdfs://example.net:8020/apps/hive/warehouse/tbl_4eeulg9zp4
for user hrt_qa)
> {code}



--
This message was sent by Atlassian JIRA
(v6.2#6252)

Mime
View raw message