hive-issues mailing list archives

From "Ranith Sardar (Jira)" <j...@apache.org>
Subject [jira] [Commented] (HIVE-25381) Hive impersonation Failed when load data of managed tables set as hive
Date Sat, 24 Jul 2021 12:54:00 GMT

    [ https://issues.apache.org/jira/browse/HIVE-25381?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17386715#comment-17386715 ]

Ranith Sardar commented on HIVE-25381:
--------------------------------------

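Hive code is getting used for impersonating:
{code:java}
import java.io.IOException;
import java.security.PrivilegedExceptionAction;
import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.security.UserGroupInformation;

public static boolean isOwnerOfFileHierarchy(final FileSystem fs,
    final FileStatus fileStatus, final String userName, final boolean recurse)
    throws IOException, InterruptedException {
  // The process login user creates a proxy UGI for userName and acts as that user.
  UserGroupInformation proxyUser = UserGroupInformation.createProxyUser(userName,
      UserGroupInformation.getLoginUser());
  try {
    // Run the ownership check with a FileSystem handle obtained as the proxy user.
    boolean isOwner = proxyUser.doAs(new PrivilegedExceptionAction<Boolean>() {
      @Override
      public Boolean run() throws Exception {
        FileSystem fsAsUser = FileSystem.get(fs.getUri(), fs.getConf());
        return checkIsOwnerOfFileHierarchy(fsAsUser, fileStatus, userName, recurse);
      }
    });
    return isOwner;
  } finally {
    // Close the FileSystem instances cached for the proxy UGI.
    FileSystem.closeAllForUGI(proxyUser);
  }
}
{code}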
Here userName is coming from
{code:java}
String configuredOwner = HiveConf.getVar(conf, ConfVars.HIVE_LOAD_DATA_OWNER);{code}
which basically means UserGroupInformation.getLoginUser() is impersonating "userName".

> Hive impersonation Failed when load data of managed tables set as hive
> ----------------------------------------------------------------------
>
>                 Key: HIVE-25381
>                 URL: https://issues.apache.org/jira/browse/HIVE-25381
>             Project: Hive
>          Issue Type: Bug
>            Reporter: Ranith Sardar
>            Assignee: Ranith Sardar
>            Priority: Minor
>             Fix For: 3.1.0, 4.0.0
>
>
> When hive.server2.enable.doAs = True and setting hive as the default value for "hive.load.data.owner"
> property, this will cause below logic (in Hive.java-needToCopy()) to
> fail always as the framework is validating the owner of the file against the value which we
> set in the property hive.load.data.owner.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
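
An added example, not part of the original message and not Hive's own code: a plain-Java model of the ownership comparison discussed above, which also reports the first path that makes the check fail. It assumes checkIsOwnerOfFileHierarchy compares each entry's owner with userName and recurses into directories; the Node class, the paths and the user "alice" are constructed for illustration.

```java
import java.util.ArrayList;
import java.util.List;

public class LoadDataOwnerCheck {
  /** Constructed stand-in for a Hadoop FileStatus: a path, its owner, its children. */
  static final class Node {
    final String path;
    final String owner;
    final List<Node> children = new ArrayList<>();
    Node(String path, String owner) { this.path = path; this.owner = owner; }
    Node add(Node child) { children.add(child); return this; }
  }

  /** Returns the first path not owned by userName, or null if every entry is. */
  static String firstForeignPath(Node node, String userName, boolean recurse) {
    if (!node.owner.equals(userName)) {
      return node.path;
    }
    if (!recurse) {
      return null;
    }
    for (Node child : node.children) {
      String hit = firstForeignPath(child, userName, true);
      if (hit != null) {
        return hit;
      }
    }
    return null;
  }

  /** Model of the check (assumed behaviour): true only if userName owns the whole tree. */
  static boolean isOwnerOfFileHierarchy(Node root, String userName, boolean recurse) {
    return firstForeignPath(root, userName, recurse) == null;
  }

  public static void main(String[] args) {
    String configuredOwner = "hive"; // hive.load.data.owner as set in the issue
    // Constructed trees: written by an end user, written by hive, and mixed ownership.
    Node byUser = new Node("/tmp/load", "alice").add(new Node("/tmp/load/part-0", "alice"));
    Node byHive = new Node("/tmp/load", "hive").add(new Node("/tmp/load/part-0", "hive"));
    Node mixed = new Node("/tmp/load", "hive").add(new Node("/tmp/load/part-0", "alice"));
    for (Node tree : new Node[] {byUser, byHive, mixed}) {
      System.out.printf("owner check against %s: %b (first mismatch: %s)%n", configuredOwner,
          isOwnerOfFileHierarchy(tree, configuredOwner, true),
          firstForeignPath(tree, configuredOwner, true));
    }
  }
}
```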
