From issues-return-180019-archive-asf-public=cust-asf.ponee.io@hive.apache.org Mon Feb 24 23:13:09 2020 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [207.244.88.153]) by mx-eu-01.ponee.io (Postfix) with SMTP id E65CD180667 for ; Tue, 25 Feb 2020 00:13:08 +0100 (CET) Received: (qmail 20517 invoked by uid 500); 24 Feb 2020 23:13:07 -0000 Mailing-List: contact issues-help@hive.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@hive.apache.org Delivered-To: mailing list issues@hive.apache.org Received: (qmail 20470 invoked by uid 99); 24 Feb 2020 23:13:07 -0000 Received: from mailrelay1-us-west.apache.org (HELO mailrelay1-us-west.apache.org) (209.188.14.139) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 24 Feb 2020 23:13:07 +0000 Received: from jira-he-de.apache.org (static.172.67.40.188.clients.your-server.de [188.40.67.172]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 98BF1E3173 for ; Mon, 24 Feb 2020 23:13:06 +0000 (UTC) Received: from jira-he-de.apache.org (localhost.localdomain [127.0.0.1]) by jira-he-de.apache.org (ASF Mail Server at jira-he-de.apache.org) with ESMTP id 0FCD4782349 for ; Mon, 24 Feb 2020 23:13:04 +0000 (UTC) Date: Mon, 24 Feb 2020 23:13:04 +0000 (UTC) From: "Hive QA (Jira)" To: issues@hive.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (HIVE-22919) StorageBasedAuthorizationProvider does not allow create databases after changing hive.metastore.warehouse.dir MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HIVE-22919?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17043953#comment-17043953 ] Hive QA commented on HIVE-22919: -------------------------------- Here are the results of testing the latest attachment: https://issues.apache.org/jira/secure/attachment/12994311/HIVE-22919.2.patch {color:green}SUCCESS:{color} +1 due to 1 test(s) being added or modified. {color:green}SUCCESS:{color} +1 due to 18058 tests passed Test results: https://builds.apache.org/job/PreCommit-HIVE-Build/20807/testReport Console output: https://builds.apache.org/job/PreCommit-HIVE-Build/20807/console Test logs: http://104.198.109.242/logs/PreCommit-HIVE-Build-20807/ Messages: {noformat} Executing org.apache.hive.ptest.execution.TestCheckPhase Executing org.apache.hive.ptest.execution.PrepPhase Executing org.apache.hive.ptest.execution.YetusPhase Executing org.apache.hive.ptest.execution.ExecutionPhase Executing org.apache.hive.ptest.execution.ReportingPhase {noformat} This message is automatically generated. ATTACHMENT ID: 12994311 - PreCommit-HIVE-Build > StorageBasedAuthorizationProvider does not allow create databases after changing hive.metastore.warehouse.dir > ------------------------------------------------------------------------------------------------------------- > > Key: HIVE-22919 > URL: https://issues.apache.org/jira/browse/HIVE-22919 > Project: Hive > Issue Type: Bug > Reporter: Oleksiy Sayankin > Assignee: Oleksiy Sayankin > Priority: Major > Attachments: HIVE-22919.1.patch, HIVE-22919.2.patch > > > *ENVIRONMENT:* > Hive-2.3 > *STEPS TO REPRODUCE:* > 1. Configure Storage Based Authorization: > {code:xml} > hive.security.authorization.enabled > true > > > hive.security.metastore.authorization.manager > org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider > > > hive.security.authorization.manager > org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider > > > hive.security.metastore.authenticator.manager > org.apache.hadoop.hive.ql.security.HadoopDefaultMetastoreAuthenticator > > > hive.metastore.pre.event.listeners > org.apache.hadoop.hive.ql.security.authorization.AuthorizationPreEventListener > {code} > 2. Create a few directories, change owners and permissions to it: > {code:java}hadoop fs -mkdir /tmp/m1 > hadoop fs -mkdir /tmp/m2 > hadoop fs -mkdir /tmp/m3 > hadoop fs -chown testuser1:testuser1 /tmp/m[1,3] > hadoop fs -chmod 700 /tmp/m[1-3]{code} > 3. Check permissions: > {code:java}[test@node2 ~]$ hadoop fs -ls /tmp|grep m[1-3] > drwx------ - testuser1 testuser1 0 2020-02-11 10:25 /tmp/m1 > drwx------ - test test 0 2020-02-11 10:25 /tmp/m2 > drwx------ - testuser1 testuser1 1 2020-02-11 10:36 /tmp/m3 > [test@node2 ~]$ > {code} > 4. Loggin into Hive CLI using embedded Hive Metastore as *"testuser1"* user, with *"hive.metastore.warehouse.dir"* set to *"/tmp/m1"*: > {code:java} > sudo -u testuser1 hive --hiveconf hive.metastore.uris= --hiveconf hive.metastore.warehouse.dir=/tmp/m1 > {code} > 5. Perform the next steps: > {code:sql}-- 1. Check "hive.metastore.warehouse.dir" value: > SET hive.metastore.warehouse.dir; > -- 2. Set "hive.metastore.warehouse.dir" to the path, to which "testuser1" user does not have an access: > SET hive.metastore.warehouse.dir=/tmp/m2; > -- 3. Try to create a database: > CREATE DATABASE m2; > -- 4. Set "hive.metastore.warehouse.dir" to the path, to which "testuser1" user has an access: > SET hive.metastore.warehouse.dir=/tmp/m3; > -- 5. Try to create a database: > CREATE DATABASE m3; > {code} > *ACTUAL RESULT:* > Query 5 fails with an exception below. It does not handle "hive.metastore.warehouse.dir" proprty: > {code:java} > hive> -- 5. Try to create a database: > hive> CREATE DATABASE m3; > FAILED: HiveException org.apache.hadoop.security.AccessControlException: User testuser1(user id 5001) does not have access to hdfs:/tmp/m2/m3.db > hive> > {code} > *EXPECTED RESULT:* > Query 5 creates a database; -- This message was sent by Atlassian Jira (v8.3.4#803005)