[
https://issues.apache.org/jira/browse/SENTRY-951?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14998669#comment-14998669
]
Ryan P commented on SENTRY-951:
-------------------------------
Correct me if I am wrong but I believe the default /user/hive/warehouse is only
owned by hive:hive because that is part of the set up process. Hive doesn't
actually set these permissions the administrator does. Same goes for the sticky
bit. Not really sure this is a bug so much as a happenstance when decoupling
the metadata from it's storage.
Alternatively we could treat all configured prefix's as 'managed' which would
return hive:hive when getUser() and getGroup() are called from the
authorization provider.
> move hive warehouse dir to /hive, the dir doesn't have hive:hive as owner.
> --------------------------------------------------------------------------
>
> Key: SENTRY-951
> URL: https://issues.apache.org/jira/browse/SENTRY-951
> Project: Sentry
> Issue Type: Bug
> Reporter: Anne Yu
>
> {noformat}
> sudo -u hdfs hdfs dfs -mkdir -p /another
> sudo -u hdfs hdfs dfs -getfacl /another
> hfds:supergroup
> {noformat}
> put /another into hive.metastore.warehouse.dir;
> add /another into hdfs sentry syncup prefix;
> restart hive, sentry, hdfs
> {code}
> [root@anneyu-538-1 ~]# sudo -u hdfs hdfs dfs -getfacl /another
> # file: /another
> # owner: hdfs
> # group: supergroup
> user::rwx
> group::r-x
> other::r-x
> {code}
> If create table will get the below errors:
> {code}
> 0: jdbc:hive2://anneyu-538-4.vpc.cloudera.com> create table test7(s string);
> Error: Error while processing statement: FAILED: Execution Error, return code
> 1 from org.apache.hadoop.hive.ql.exec.DDLTask. MetaException(message:Got
> exception: org.apache.hadoop.security.AccessControlException Permission
> denied: user=hive, access=WRITE, inode="/another":hdfs:supergroup:drwxr-xr-x
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
