managed directory.

Hive QA (JIRA) Wed, 27 Jun 2018 06:24:25 -0700


    [ 
https://issues.apache.org/jira/browse/HIVE-20001?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16525088#comment-16525088
 ]


Hive QA commented on HIVE-20001:
--------------------------------

| (x) *{color:red}-1 overall{color}* |
\\
\\
|| Vote || Subsystem || Runtime || Comment ||
|| || || || {color:brown} Prechecks {color} ||
| {color:green}+1{color} | {color:green} @author {color} | {color:green}  0m  
0s{color} | {color:green} The patch does not contain any @author tags. {color} |
|| || || || {color:brown} master Compile Tests {color} ||
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green}  8m 
 3s{color} | {color:green} master passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green}  1m  
5s{color} | {color:green} master passed {color} |
| {color:green}+1{color} | {color:green} checkstyle {color} | {color:green}  0m 
42s{color} | {color:green} master passed {color} |
| {color:blue}0{color} | {color:blue} findbugs {color} | {color:blue}  4m  
6s{color} | {color:blue} ql in master has 2280 extant Findbugs warnings. 
{color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green}  0m 
57s{color} | {color:green} master passed {color} |
|| || || || {color:brown} Patch Compile Tests {color} ||
| {color:green}+1{color} | {color:green} mvninstall {color} | {color:green}  1m 
27s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} compile {color} | {color:green}  1m  
5s{color} | {color:green} the patch passed {color} |
| {color:green}+1{color} | {color:green} javac {color} | {color:green}  1m  
5s{color} | {color:green} the patch passed {color} |
| {color:red}-1{color} | {color:red} checkstyle {color} | {color:red}  0m 
40s{color} | {color:red} ql: The patch generated 7 new + 23 unchanged - 2 fixed 
= 30 total (was 25) {color} |
| {color:green}+1{color} | {color:green} whitespace {color} | {color:green}  0m 
 0s{color} | {color:green} The patch has no whitespace issues. {color} |
| {color:red}-1{color} | {color:red} findbugs {color} | {color:red}  4m 
15s{color} | {color:red} ql generated 4 new + 2280 unchanged - 0 fixed = 2284 
total (was 2280) {color} |
| {color:green}+1{color} | {color:green} javadoc {color} | {color:green}  0m 
58s{color} | {color:green} the patch passed {color} |
|| || || || {color:brown} Other Tests {color} ||
| {color:green}+1{color} | {color:green} asflicense {color} | {color:green}  0m 
14s{color} | {color:green} The patch does not generate ASF License warnings. 
{color} |
| {color:black}{color} | {color:black} {color} | {color:black} 24m  4s{color} | 
{color:black} {color} |
\\
\\
|| Reason || Tests ||
| FindBugs | module:ql |
|  |  org.apache.hadoop.hive.ql.security.authorization.Privilege defines equals 
and uses Object.hashCode()  At Privilege.java:Object.hashCode()  At 
Privilege.java:[lines 121-126] |
|  |  
org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider$PrivilegeExtractor.getReadReqPriv()
 may expose internal representation by returning 
StorageBasedAuthorizationProvider$PrivilegeExtractor.readReqPriv  At 
StorageBasedAuthorizationProvider.java:by returning 
StorageBasedAuthorizationProvider$PrivilegeExtractor.readReqPriv  At 
StorageBasedAuthorizationProvider.java:[line 505] |
|  |  
org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider$PrivilegeExtractor.getWriteReqPriv()
 may expose internal representation by returning 
StorageBasedAuthorizationProvider$PrivilegeExtractor.writeReqPriv  At 
StorageBasedAuthorizationProvider.java:by returning 
StorageBasedAuthorizationProvider$PrivilegeExtractor.writeReqPriv  At 
StorageBasedAuthorizationProvider.java:[line 509] |
|  |  Should 
org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider$PrivilegeExtractor
 be a _static_ inner class?  At StorageBasedAuthorizationProvider.java:inner 
class?  At StorageBasedAuthorizationProvider.java:[lines 467-509] |
\\
\\
|| Subsystem || Report/Notes ||
| Optional Tests |  asflicense  javac  javadoc  findbugs  checkstyle  compile  |
| uname | Linux hiveptest-server-upstream 3.16.0-4-amd64 #1 SMP Debian 
3.16.36-1+deb8u1 (2016-09-03) x86_64 GNU/Linux |
| Build tool | maven |
| Personality | 
/data/hiveptest/working/yetus_PreCommit-HIVE-Build-12187/dev-support/hive-personality.sh
 |
| git revision | master / c7fe4ef |
| Default Java | 1.8.0_111 |
| findbugs | v3.0.0 |
| checkstyle | 
http://104.198.109.242/logs//PreCommit-HIVE-Build-12187/yetus/diff-checkstyle-ql.txt
 |
| findbugs | 
http://104.198.109.242/logs//PreCommit-HIVE-Build-12187/yetus/new-findbugs-ql.html
 |
| modules | C: ql U: ql |
| Console output | 
http://104.198.109.242/logs//PreCommit-HIVE-Build-12187/yetus.txt |
| Powered by | Apache Yetus    http://yetus.apache.org |


This message was automatically generated.



> With doas set to true, running select query as hrt_qa user on external table 
> fails due to permission denied to read /warehouse/tablespace/managed 
> directory.
> ------------------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HIVE-20001
>                 URL: https://issues.apache.org/jira/browse/HIVE-20001
>             Project: Hive
>          Issue Type: Bug
>            Reporter: Jaume M
>            Assignee: Jaume M
>            Priority: Major
>              Labels: pull-request-available
>         Attachments: HIVE-20001.1.patch, HIVE-20001.1.patch
>
>
> Hive: With doas set to true, running select query as hrt_qa user on external 
> table fails due to permission denied to read /warehouse/tablespace/managed 
> directory.
> Steps: 
> 1. Create a external table.
> 2. Set doas to true.
> 3. run select count(*) using user hrt_qa.
> Table creation query.
> {code}
> beeline -n hrt_qa -p pwd -u 
> "jdbc:hive2://ctr-e138-1518143905142-375925-01-000006.hwx.site:2181,ctr-e138-1518143905142-375925-01-000005.hwx.site:2181,ctr-e138-1518143905142-375925-01-000007.hwx.site:2181/;serviceDiscoveryMode=zooKeeper;zooKeeperNamespace=hiveserver2;principal=hive/[email protected];transportMode=http;httpPath=cliservice;ssl=true;sslTrustStore=/etc/security/serverKeys/hivetruststore.jks;trustStorePassword=changeit"
>  --outputformat=tsv -e "drop table if exists test_table purge;
> create external table test_table(id int, age int) row format delimited fields 
> terminated by '|' stored as textfile;
> load data inpath '/tmp/table1.dat' overwrite into table test_table;
> {code}
> select count(*) query execution fails
> {code}
> beeline -n hrt_qa -p pwd -u 
> "jdbc:hive2://ctr-e138-1518143905142-375925-01-000006.hwx.site:2181,ctr-e138-1518143905142-375925-01-000005.hwx.site:2181,ctr-e138-1518143905142-375925-01-000007.hwx.site:2181/;serviceDiscoveryMode=zooKeeper;zooKeeperNamespace=hiveserver2;principal=hive/[email protected];transportMode=http;httpPath=cliservice;ssl=true;sslTrustStore=/etc/security/serverKeys/hivetruststore.jks;trustStorePassword=changeit"
>  --outputformat=tsv -e "select count(*) from test_table where age>30 and 
> id<10100;"
> 2018-06-22 10:22:29,328|INFO|Thread-126|machine.py:111 - 
> tee_pipe()||b3a493ec-99be-483e-91fe-4b701ec27ebc|SLF4J: Class path contains 
> multiple SLF4J bindings.
> 2018-06-22 10:22:29,330|INFO|Thread-126|machine.py:111 - 
> tee_pipe()||b3a493ec-99be-483e-91fe-4b701ec27ebc|SLF4J: See 
> http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
> 2018-06-22 10:22:29,335|INFO|Thread-126|machine.py:111 - 
> tee_pipe()||b3a493ec-99be-483e-91fe-4b701ec27ebc|SLF4J: Actual binding is of 
> type [org.apache.logging.slf4j.Log4jLoggerFactory]
> 2018-06-22 10:22:31,408|INFO|Thread-126|machine.py:111 - 
> tee_pipe()||b3a493ec-99be-483e-91fe-4b701ec27ebc|Format tsv is deprecated, 
> please use tsv2
> 2018-06-22 10:22:31,529|INFO|Thread-126|machine.py:111 - 
> tee_pipe()||b3a493ec-99be-483e-91fe-4b701ec27ebc|Connecting to 
> jdbc:hive2://ctr-e138-1518143905142-375925-01-000006.hwx.site:2181,ctr-e138-1518143905142-375925-01-000005.hwx.site:2181,ctr-e138-1518143905142-375925-01-000007.hwx.site:2181/;serviceDiscoveryMode=zooKeeper;zooKeeperNamespace=hiveserver2;principal=hive/[email protected];transportMode=http;httpPath=cliservice;ssl=true;sslTrustStore=/etc/security/serverKeys/hivetruststore.jks;trustStorePassword=changeit
> 2018-06-22 10:22:32,031|INFO|Thread-126|machine.py:111 - 
> tee_pipe()||b3a493ec-99be-483e-91fe-4b701ec27ebc|18/06/22 10:22:32 [main]: 
> INFO jdbc.HiveConnection: Connected to 
> ctr-e138-1518143905142-375925-01-000004.hwx.site:10001
> 2018-06-22 10:22:34,130|INFO|Thread-126|machine.py:111 - 
> tee_pipe()||b3a493ec-99be-483e-91fe-4b701ec27ebc|18/06/22 10:22:34 [main]: 
> WARN jdbc.HiveConnection: Failed to connect to 
> ctr-e138-1518143905142-375925-01-000004.hwx.site:10001
> 2018-06-22 10:22:34,244|INFO|Thread-126|machine.py:111 - 
> tee_pipe()||b3a493ec-99be-483e-91fe-4b701ec27ebc|18/06/22 10:22:34 [main]: 
> WARN jdbc.HiveConnection: Could not open client transport with JDBC Uri: 
> jdbc:hive2://ctr-e138-1518143905142-375925-01-000004.hwx.site:10001/;serviceDiscoveryMode=zooKeeper;zooKeeperNamespace=hiveserver2;principal=hive/[email protected];transportMode=http;httpPath=cliservice;ssl=true;sslTrustStore=/etc/security/serverKeys/hivetruststore.jks;trustStorePassword=changeit:
>  Failed to open new session: 
> org.apache.hadoop.hive.ql.metadata.HiveException: 
> MetaException(message:java.security.AccessControlException: Permission 
> denied: user=hrt_qa, access=READ, 
> inode="/warehouse/tablespace/managed/hive":hive:hadoop:drwx------
> {code}
> warehouse directory - 
> {code}
> -bash-4.2$ hdfs dfs -ls /warehouse/tablespace/
> Found 2 items
> drwxr-xr-x   - hdfs hdfs          0 2018-06-22 07:01 
> /warehouse/tablespace/external
> drwxr-xr-x   - hdfs hdfs          0 2018-06-22 07:01 
> /warehouse/tablespace/managed
> -bash-4.2$ hdfs dfs -ls /warehouse/tablespace/managed/hive
> Found 5 items
> drwxrwx---+  - hive hadoop          0 2018-06-22 09:28 
> /warehouse/tablespace/managed/hive/all10kw
> drwxrwx---+  - hive hadoop          0 2018-06-22 09:24 
> /warehouse/tablespace/managed/hive/hive8295
> drwxrwx---+  - hive hadoop          0 2018-06-22 07:20 
> /warehouse/tablespace/managed/hive/information_schema.db
> drwxrwxrwx+  - hive hadoop          0 2018-06-22 07:20 
> /warehouse/tablespace/managed/hive/sys.db
> drwxrwx---+  - hive hadoop          0 2018-06-22 09:27 
> /warehouse/tablespace/managed/hive/tbl1002
> -bash-4.2$ hdfs dfs -ls /warehouse/tablespace/external/hive
> Found 2 items
> drwxr-xr-x+  - hive hadoop          0 2018-06-22 07:02 
> /warehouse/tablespace/external/hive/sys.db
> drwxrwxrwx+  - hive hadoop          0 2018-06-22 10:12 
> /warehouse/tablespace/external/hive/test_table
> -bash-4.2$ exit
> logout
> {code}
> It looks like the code still assumes external tables to be present under 
> '/warehouse/tablespace/managed' directory similar to earlier 
> '/apps/hive/warehouse'. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Commented] (HIVE-20001) With doas set to true, running select query as hrt_qa user on external table fails due to permission denied to read /warehouse/tablespace/managed directory.

Reply via email to