Hi, all

I have enabled hive authorization in my testing cluster. I use the user
hive to create database hivedb and grant create privilege on hivedb to user
root.

But I have come across the following problem: root cannot create a table in
hivedb even though it has the create privilege.

FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. MetaException(message:Got exception: org.apache.hadoop.security.AccessControlException Permission denied: user=root, access=WRITE, inode="/tmp/user/hive/warehouse/hivedb.db":hive:hadoop:drwxr-xr-x
        at org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.check(FSPermissionChecker.java:234)
        at org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.check(FSPermissionChecker.java:214)
        at org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.checkPermission(FSPermissionChecker.java:158)
        at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.checkPermission(FSNamesystem.java:5499)
        at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.checkPermission(FSNamesystem.java:5481)
        at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.checkAncestorAccess(FSNamesystem.java:5455)
        at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.mkdirsInternal(FSNamesystem.java:3455)
        at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.mkdirsInt(FSNamesystem.java:3425)
        at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.mkdirs(FSNamesystem.java:3397)
        at org.apache.hadoop.hdfs.server.namenode.NameNodeRpcServer.mkdirs(NameNodeRpcServer.java:724)
        at org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolServerSideTranslatorPB.mkdirs(ClientNamenodeProtocolServerSideTranslatorPB.java:502)
        at org.apache.hadoop.hdfs.protocol.proto.ClientNamenodeProtocolProtos$ClientNamenodeProtocol$2.callBlockingMethod(ClientNamenodeProtocolProtos.java:48089)
        at org.apache.hadoop.ipc.ProtobufRpcEngine$Server$ProtoBufRpcInvoker.call(ProtobufRpcEngine.java:585)
        at org.apache.hadoop.ipc.RPC$Server.call(RPC.java:928)
        at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:2048)
        at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:2044)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Subject.java:396)
        at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1491)
        at org.apache.hadoop.ipc.Server$Handler.run(Server.java:2042)


It is obvious that the hivedb.db directory in HDFS is not allowed to be
written by other users. So how does hive authorization work under the HDFS
permissions?

PS. If I create a table as user hive and grant the update privilege to user
root, the same ERROR comes up if I load data into the table as root.

Look forward to your reply!

Thanks
Alex
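
The HDFS-level check behind the error above, as an added example that is not part of the original post and is not Hive or Hadoop code: it parses the denial line and applies the owner/group/other mode check to show which permission bits were missing. The function names and the `user_groups` parameter are hypothetical, and root's group membership is an assumption, since the post does not state it.

```python
import re

# Constructed sample: the denial line from the post, with the mail line wraps rejoined.
DENIAL = ('Permission denied: user=root, access=WRITE, '
          'inode="/tmp/user/hive/warehouse/hivedb.db":hive:hadoop:drwxr-xr-x')

PATTERN = re.compile(
    r'user=(?P<user>[^,]+), access=(?P<access>[A-Z_]+), '
    r'inode="(?P<path>[^"]+)":(?P<owner>[^:]+):(?P<group>[^:]+):'
    r'(?P<mode>[-dl][-rwx]{8}[-xtT])')

def required_bits(access):
    """Map an FsAction name (WRITE, READ_EXECUTE, ALL, ...) to rwx letters."""
    if access == "ALL":
        return set("rwx")
    names = {"READ": "r", "WRITE": "w", "EXECUTE": "x"}
    return {names[part] for part in access.split("_") if part in names}

def explain(message, user_groups=()):
    """Return which permission class applied and which bits were missing.

    user_groups is an assumption supplied by the caller: the error text
    does not say which groups the requesting user belongs to.
    Not modelled: the HDFS superuser bypass and extended ACLs.
    """
    m = PATTERN.search(message)
    if m is None:
        raise ValueError("not an HDFS permission-denied message")
    d = m.groupdict()
    # The sticky bit (t/T) is not an access bit; fold it back to x or -.
    rwx = d["mode"][1:].replace("t", "x").replace("T", "-")
    if d["user"] == d["owner"]:
        cls, bits = "owner", rwx[0:3]
    elif d["group"] in user_groups:
        cls, bits = "group", rwx[3:6]
    else:
        cls, bits = "other", rwx[6:9]
    missing = sorted(required_bits(d["access"]) - set(bits))
    return {"path": d["path"], "class": cls, "bits": bits,
            "missing": missing, "allowed": not missing}

if __name__ == "__main__":
    print(explain(DENIAL))                           # root evaluated as "other"
    print(explain(DENIAL, user_groups=("hadoop",)))  # root if it were in group hadoop
```

With the line from the post, root is evaluated as "other" (`r-x`) and lacks `w`; under the assumption that root were in group hadoop, the group bits are also `r-x`, so the write would still be denied.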
