[ https://issues.apache.org/jira/browse/AMBARI-22435?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16251716#comment-16251716 ]
Hadoop QA commented on AMBARI-22435: ------------------------------------ {color:red}-1 overall{color}. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12897443/AMBARI-22435-trunk.patch against trunk revision . {color:green}+1 @author{color}. The patch does not contain any @author tags. {color:red}-1 tests included{color}. The patch doesn't appear to include any new or modified tests. Please justify why no new tests are needed for this patch. Also please list what manual steps were performed to verify this patch. {color:green}+1 release audit{color}. The applied patch does not increase the total number of release audit warnings. {color:green}+1 javac{color}. The applied patch does not increase the total number of javac compiler warnings. {color:red}-1 core tests{color}. The test build failed in [ambari-server|https://builds.apache.org/job/Ambari-trunk-test-patch/12667//artifact/patch-work/testrun_ambari-server.txt] Console output: https://builds.apache.org/job/Ambari-trunk-test-patch/12667//console This message is automatically generated. > Hive services sets incorrect permissions on the root of HDFS while setting up > replication > ----------------------------------------------------------------------------------------- > > Key: AMBARI-22435 > URL: https://issues.apache.org/jira/browse/AMBARI-22435 > Project: Ambari > Issue Type: Bug > Components: ambari-server > Affects Versions: 2.6.0 > Reporter: Deepesh Khandelwal > Priority: Critical > Fix For: trunk > > Attachments: AMBARI-22435-trunk.patch > > > While starting Hive metastore or HiveServer2 observed that the hdfs audit log > had the following entries: > {noformat} > 2017-11-14 01:48:03,682 INFO FSNamesystem.audit: allowed=true ugi=hdfs > (auth:SIMPLE) ip=/172.27.70.128 cmd=getfileinfo src=/ dst=null > perm=null proto=webhdfs > 2017-11-14 01:48:03,745 INFO FSNamesystem.audit: allowed=true ugi=hdfs > (auth:SIMPLE) ip=/172.27.70.128 cmd=setPermission src=/ > dst=null perm=hdfs:hdfs:rwxrwxrwt proto=webhdfs > 2017-11-14 01:48:03,809 INFO FSNamesystem.audit: allowed=true ugi=hdfs > (auth:SIMPLE) ip=/172.27.70.128 cmd=setOwner src=/ dst=null > perm=hive:hadoop:rwxrwxrwt proto=webhdfs > 2017-11-14 01:48:04,126 INFO FSNamesystem.audit: allowed=true ugi=hdfs > (auth:SIMPLE) ip=/172.27.70.128 cmd=getfileinfo src=/ dst=null > perm=null proto=webhdfs > 2017-11-14 01:48:04,189 INFO FSNamesystem.audit: allowed=true ugi=hdfs > (auth:SIMPLE) ip=/172.27.70.128 cmd=setPermission src=/ > dst=null perm=hive:hadoop:rwx------ proto=webhdfs > {noformat} > The consequence of this was that for any non-hdfs user you will see the > following error running hadoop commands: > {noformat} > $ hadoop fs -ls / > ls: Permission denied: user=root, access=READ_EXECUTE, > inode="/":hive:hadoop:drwx------ > {noformat} > On debugging this was happening due to incomplete null/empty check on params > hive_repl_cmrootdir and hive_repl_rootdir in > ambari/blob/trunk/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive.py. -- This message was sent by Atlassian JIRA (v6.4.14#64029)