[
https://issues.apache.org/jira/browse/HIVE-21532?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16803892#comment-16803892
]
Oleksandr Polishchuk edited comment on HIVE-21532 at 3/29/19 12:43 PM:
-----------------------------------------------------------------------
*FIXED*
In Hive-2.3. See attached patch.
*ROOT CAUSE*
There was passed {{dest_path}} not a {{queryTmpdir}} as was in Hive-2.1. Some
restrictions related with {{FallbackHiveAuthorizerFactory}}
*SOLUTION*
There was passed {{queryTmpdir}} instead of {{dest_path}} in the
{{org.apache.hadoop.ql.parse.SemanticAnalyzer}}
{code:java}
String statsTmpLoc = ctx.getTempDirForPath(queryTmpdir).toString();
{code}
{{The properties {{hive.security.authorization.enabled}} and
hive.security.authorization.manager were deleted from }}{{hive-site.xml}}.
*EFFECTS*
- Created {{TmpDirForPath}}.
- Access is allowed for user without root permission
was (Author: polishchuk):
*FIXED*
In Hive-2.3. See attached patch.
*ROOT CAUSE*
There was passed {{dest_path}} not a {{queryTmpdir}} as was in Hive-2.1. Some
restrictions related with {{FallbackHiveAuthorizerFactory}}
*SOLUTION*
There was passed {{queryTmpdir}} instead of {{dest_path}} in the
{{org.apache.hadoop.ql.parse.SemanticAnalyzer}}
{code:java}
String statsTmpLoc = ctx.getTempDirForPath(queryTmpdir).toString();
{code}
{{The properties }}{{hive.security.authorization.enabled and
hive.security.authorization.manager were deleted from }}{{hive-site.xml}}.
*EFFECTS*
- Created {{TmpDirForPath}}.
- Access is allowed for user without root permission
> RuntimeException due to AccessControlException during creating
> hive-staging-dir
> -------------------------------------------------------------------------------
>
> Key: HIVE-21532
> URL: https://issues.apache.org/jira/browse/HIVE-21532
> Project: Hive
> Issue Type: Bug
> Reporter: Oleksandr Polishchuk
> Assignee: Oleksandr Polishchuk
> Priority: Minor
> Attachments: HIVE-21532.1.patch, HIVE-21532.1.patch,
> HIVE-21532.2.patch
>
>
> The bug was found with environment - Hive-2.3.
> Steps lead to an exception:
> 1) Create user without root permissions on your node.
> 2) The {{hive-site.xml}} file has to contain the next properties:
> {code:java}
> <property>
> <name>hive.security.authorization.enabled</name>
> <value>true</value>
> </property>
> <property>
> <name>hive.security.authorization.manager</name>
>
> <value>org.apache.hadoop.hive.ql.security.authorization.plugin.fallback.FallbackHiveAuthorizerFactory</value>
> </property>
> {code}
> 3) Open Hive CLI and do next query:
> {code:java}
> insert overwrite local directory '/tmp/test_dir' row format delimited fields
> terminated by ',' select * from temp.test;
> {code}
> The previous query will fails with the next exception:
> {code:java}
> FAILED: RuntimeException Cannot create staging directory
> 'hdfs:///tmp/test_dir/.hive-staging_hive_2019-03-28_11-51-05_319_5882446299335967521-1':
> User testuser(user id 3456) has been denied access to create
> .hive-staging_hive_2019-03-28_11-51-05_319_5882446299335967521-1
> {code}
> The investigation shows that if delete the mentioned above properties from
> {{hive-site.xml}} and pass {{`queryTmpdir`}} instead of {{`dest_path`}} in
> the {{org.apache.hadoop.hive.ql.Context#getTempDirForPath()}} as was in the
> Hive-2.1. everything will be fine. The current method is using in the
> {{org.apache.hadoop.hive.ql.parse.SemanticAnalyzer}} - {{String statsTmpLoc
> = ctx.getTempDirForPath(dest_path).toString();}}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
