[
https://issues.apache.org/jira/browse/SENTRY-951?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14999650#comment-14999650
]
Hao Hao commented on SENTRY-951:
--------------------------------
Yeah, all those changes are inside the patch I posted for the e2e test on mini
cluster I added. And step is as you described:
1. mkdir /hive and set the ownership to be hdfs:supergroup;
2. add /hive into sentry prefix:
hadoopConf.set("sentry.authorization-provider.hdfs-path-prefixes",
"/user/hive/warehouse,/tmp/external,/hive");
3. and make it as warehouse dir.
hiveConf.set("hive.metastore.warehouse.dir", "hdfs:///hive");
4. getAclStatus gets hive:hive.
But I will test it on a real cluster with my jar.
> move hive warehouse dir to /hive, the dir doesn't have hive:hive as owner.
> --------------------------------------------------------------------------
>
> Key: SENTRY-951
> URL: https://issues.apache.org/jira/browse/SENTRY-951
> Project: Sentry
> Issue Type: Bug
> Reporter: Anne Yu
> Attachments: SENTRY-951.0.test.patch
>
>
> {noformat}
> sudo -u hdfs hdfs dfs -mkdir -p /another
> sudo -u hdfs hdfs dfs -getfacl /another
> hfds:supergroup
> {noformat}
> put /another into hive.metastore.warehouse.dir;
> add /another into hdfs sentry syncup prefix;
> restart hive, sentry, hdfs
> {code}
> [root@anneyu-538-1 ~]# sudo -u hdfs hdfs dfs -getfacl /another
> # file: /another
> # owner: hdfs
> # group: supergroup
> user::rwx
> group::r-x
> other::r-x
> {code}
> If create table will get the below errors:
> {code}
> 0: jdbc:hive2://anneyu-538-4.vpc.cloudera.com> create table test7(s string);
> Error: Error while processing statement: FAILED: Execution Error, return code
> 1 from org.apache.hadoop.hive.ql.exec.DDLTask. MetaException(message:Got
> exception: org.apache.hadoop.security.AccessControlException Permission
> denied: user=hive, access=WRITE, inode="/another":hdfs:supergroup:drwxr-xr-x
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
