hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eugene Koifman (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HIVE-8643) DDL operations via WebHCat with doAs parameter in secure cluster fail
Date Wed, 29 Oct 2014 07:19:33 GMT

     [ https://issues.apache.org/jira/browse/HIVE-8643?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Eugene Koifman updated HIVE-8643:
---------------------------------
    Attachment: HIVE-8643.patch

> DDL operations via WebHCat with doAs parameter in secure cluster fail
> ---------------------------------------------------------------------
>
>                 Key: HIVE-8643
>                 URL: https://issues.apache.org/jira/browse/HIVE-8643
>             Project: Hive
>          Issue Type: Bug
>          Components: WebHCat
>    Affects Versions: 0.14.0
>            Reporter: Eugene Koifman
>            Assignee: Eugene Koifman
>            Priority: Critical
>         Attachments: HIVE-8643.patch
>
>
> webhcat handles DDL command by forking to 'hcat', i.e. HCatCli
> This starts a session.
> SessionState.start() creates scratch dir based on current user name
> via startSs.createSessionDirs(sessionUGI.getShortUserName());
> This UGI is not aware of doAs param, so the name of the dir always ends up 'hcat', but
because a delegation token is generated in WebHCat for HDFS access, the owner of the scratch
dir is the calling user.  Thus next time a session is started (because of a new DDL call from
different user), it ends up trying to use the same scratch dir but cannot as it has 700 permission
set.
> We need to pass in doAs user into SessionState



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message