[ 
https://issues.apache.org/jira/browse/HIVE-13532?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Changshu Liu updated HIVE-13532:
--------------------------------
    Attachment: HIVE-13532.2.patch

> MapredLocalTask should use the same security settings as remote task
> --------------------------------------------------------------------
>
>                 Key: HIVE-13532
>                 URL: https://issues.apache.org/jira/browse/HIVE-13532
>             Project: Hive
>          Issue Type: Bug
>    Affects Versions: 1.1.0
>         Environment: HADOOP_PROXY_USER is set.
>            Reporter: Zhiwen Sun
>            Assignee: Changshu Liu
>            Priority: Major
>         Attachments: HIVE-13532.1.patch, HIVE-13532.2.patch
>
>
> Map join set HADOOP_USER_NAME should be realuser's username.
> Current, hive set HADOOP_USER_NAME env for mapjoin local process according:
> {quote}
>    String endUserName = Utils.getUGI().getShortUserName();
> {quote}
> suppose set HADOOP_PROXY_USER=abc in shell.
> map join local job will have following env:
> {quote}
> HADOOP_USER_NAME=abc
> HADOOP_PROXY_NAME=abc
> {quote}
> this will cause such exception:
> {quote}
> java.io.IOException: 
> org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException):
>  User: abc is not allowed to impersonate 
> {quote}
> I think we should set HADOOP_USER_NAME to realuser:
> {quote}
>    String endUserName = Utils.getUGI().getRealUser().getShortUserName();
> {quote}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to