hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Oleksiy Sayankin (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HIVE-21532) RuntimeException due to AccessControlException during creating hive-staging-dir
Date Mon, 01 Apr 2019 10:18:00 GMT

     [ https://issues.apache.org/jira/browse/HIVE-21532?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Oleksiy Sayankin updated HIVE-21532:
------------------------------------
    Attachment: HIVE-21532.3.patch

> RuntimeException due to AccessControlException during creating hive-staging-dir
> -------------------------------------------------------------------------------
>
>                 Key: HIVE-21532
>                 URL: https://issues.apache.org/jira/browse/HIVE-21532
>             Project: Hive
>          Issue Type: Bug
>            Reporter: Oleksandr Polishchuk
>            Assignee: Oleksiy Sayankin
>            Priority: Minor
>         Attachments: HIVE-21532.1.patch, HIVE-21532.1.patch, HIVE-21532.2.patch, HIVE-21532.3.patch
>
>
> The bug was found with environment - Hive-2.3.
> Steps lead to an exception:
> 1) Create user without root permissions on your node.
> 2) The {{hive-site.xml}} file has to contain the next properties:
> {code:java}
>  <property>
>     <name>hive.security.authorization.enabled</name>
>   <value>true</value>
>   </property>
>   <property>
>    <name>hive.security.authorization.manager</name>
>  <value>org.apache.hadoop.hive.ql.security.authorization.plugin.fallback.FallbackHiveAuthorizerFactory</value>
>   </property>
> {code}
> 3) Open Hive CLI and do next query:
> {code:java}
>  insert overwrite local directory '/tmp/test_dir' row format delimited fields terminated
by ',' select * from temp.test;
> {code}
> The previous query will fails with the next exception:
> {code:java}
> FAILED: RuntimeException Cannot create staging directory 'hdfs:///tmp/test_dir/.hive-staging_hive_2019-03-28_11-51-05_319_5882446299335967521-1':
User testuser(user id 3456)  has been denied access to create .hive-staging_hive_2019-03-28_11-51-05_319_5882446299335967521-1
> {code}
> The investigation shows that if delete the mentioned above properties from {{hive-site.xml}}
and pass {{`queryTmpdir`}} instead of {{`dest_path`}} in the {{org.apache.hadoop.hive.ql.Context#getTempDirForPath()}}
as was in the Hive-2.1. everything will be fine. The current method is using in the {{org.apache.hadoop.hive.ql.parse.SemanticAnalyzer}} 
- {{String statsTmpLoc = ctx.getTempDirForPath(dest_path).toString();}}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message