[jira] [Commented] (HIVE-7890) SessionState creates HMS Client while not impersonating

Tue, 02 Sep 2014 10:00:48 -0700 

    [ 
https://issues.apache.org/jira/browse/HIVE-7890?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14118350#comment-14118350
 ] 

Prasad Mujumdar commented on HIVE-7890:
---------------------------------------

Looks fine to me. 
HS2 handles the thrift connection to HMS by recreating a new connection for new 
session in case of impersonation. The HiveDB object was not handled in the same 
way. This patch is handling that more efficiently.

+1


> SessionState creates HMS Client while not impersonating
> -------------------------------------------------------
>
>                 Key: HIVE-7890
>                 URL: https://issues.apache.org/jira/browse/HIVE-7890
>             Project: Hive
>          Issue Type: Bug
>            Reporter: Brock Noland
>            Assignee: Brock Noland
>         Attachments: HIVE-7890.2.patch
>
>
> In SessionState.start [an instance of the the HMSClient is 
> created|https://github.com/apache/hive/blob/trunk/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java#L367].
>  When impersonation is enabled, this call does not occur within a "doas" call 
> and thus the HMSClient is created as the server user, not the impersonated 
> user.
> Thus calls to the HMS are made by the "hive" user as opposed to the end user. 
> This causes file ownership such as a database directory owner to be 
> incorrect. While debugging this, I got stack trace below. As you can see we 
> are calling getMSC without a doas.
> {noformat}
>       at org.apache.hadoop.hive.ql.metadata.Hive.getMSC(Hive.java:2474)
>       at 
> org.apache.hadoop.hive.ql.session.SessionState.start(SessionState.java:367)
>       at 
> org.apache.hive.service.cli.session.HiveSessionImpl.<init>(HiveSessionImpl.java:121)
>       at 
> org.apache.hive.service.cli.session.HiveSessionImplwithUGI.<init>(HiveSessionImplwithUGI.java:49)
>       at 
> org.apache.hive.service.cli.session.SessionManager.openSession(SessionManager.java:130)
>       at 
> org.apache.hive.service.cli.CLIService.openSessionWithImpersonation(CLIService.java:163)
>       at 
> org.apache.hive.service.cli.thrift.ThriftCLIService.getSessionHandle(ThriftCLIService.java:290)
>       at 
> org.apache.hive.service.cli.thrift.ThriftCLIService.OpenSession(ThriftCLIService.java:208)
>       at 
> org.apache.hive.service.cli.thrift.TCLIService$Processor$OpenSession.getResult(TCLIService.java:1313)
>       at 
> org.apache.hive.service.cli.thrift.TCLIService$Processor$OpenSession.getResult(TCLIService.java:1298)
>       at org.apache.thrift.ProcessFunction.process(ProcessFunction.java:39)
>       at org.apache.thrift.TBaseProcessor.process(TBaseProcessor.java:39)
>       at 
> org.apache.hive.service.auth.TSetIpAddressProcessor.process(TSetIpAddressProcessor.java:55)
>       at 
> org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:244)
>       at 
> java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
>       at 
> java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
>       at java.lang.Thread.run(Thread.java:744)
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to