[
https://issues.apache.org/jira/browse/HIVE-22273?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16940938#comment-16940938
]
Peter Vary commented on HIVE-22273:
-----------------------------------
Also this results in:
{code}
2019-09-24T16:12:59,614 ERROR [7e491237-1505-4388-afb9-5ec2a688b0dc
HiveServer2-HttpHandler-Pool: Thread-11941]: ql.Driver (:()) - FAILED:
HiveAccessControlException Permission denied: user [SOMEONE] does not have
[ALL] privilege on [hdfs://HDFS_FOLDER/TABLE_NAME]
org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException:
Permission denied: user [SOMEONE] does not have [ALL] privilege on
[hdfs://HDFS_FOLDER/TABLE_NAME]
at
org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.checkPrivileges(RangerHiveAuthorizer.java:288)
at org.apache.hadoop.hive.ql.Driver.doAuthorizationV2(Driver.java:1336)
at org.apache.hadoop.hive.ql.Driver.doAuthorization(Driver.java:1100)
at org.apache.hadoop.hive.ql.Driver.compile(Driver.java:709)
at org.apache.hadoop.hive.ql.Driver.compileInternal(Driver.java:1869)
at org.apache.hadoop.hive.ql.Driver.compileAndRespond(Driver.java:1816)
at org.apache.hadoop.hive.ql.Driver.compileAndRespond(Driver.java:1811)
at
org.apache.hadoop.hive.ql.reexec.ReExecDriver.compileAndRespond(ReExecDriver.java:126)
at
org.apache.hive.service.cli.operation.SQLOperation.prepare(SQLOperation.java:197)
at
org.apache.hive.service.cli.operation.SQLOperation.runInternal(SQLOperation.java:262)
at
org.apache.hive.service.cli.operation.Operation.run(Operation.java:247)
at
org.apache.hive.service.cli.session.HiveSessionImpl.executeStatementInternal(HiveSessionImpl.java:575)
at
org.apache.hive.service.cli.session.HiveSessionImpl.executeStatementAsync(HiveSessionImpl.java:561)
at sun.reflect.GeneratedMethodAccessor148.invoke(Unknown Source)
at
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:498)
at
org.apache.hive.service.cli.session.HiveSessionProxy.invoke(HiveSessionProxy.java:78)
at
org.apache.hive.service.cli.session.HiveSessionProxy.access$000(HiveSessionProxy.java:36)
at
org.apache.hive.service.cli.session.HiveSessionProxy$1.run(HiveSessionProxy.java:63)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:422)
at
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1730)
at
org.apache.hive.service.cli.session.HiveSessionProxy.invoke(HiveSessionProxy.java:59)
at com.sun.proxy.$Proxy71.executeStatementAsync(Unknown Source)
at
org.apache.hive.service.cli.CLIService.executeStatementAsync(CLIService.java:315)
at
org.apache.hive.service.cli.thrift.ThriftCLIService.ExecuteStatement(ThriftCLIService.java:566)
at
org.apache.hive.service.rpc.thrift.TCLIService$Processor$ExecuteStatement.getResult(TCLIService.java:1557)
at
org.apache.hive.service.rpc.thrift.TCLIService$Processor$ExecuteStatement.getResult(TCLIService.java:1542)
at org.apache.thrift.ProcessFunction.process(ProcessFunction.java:39)
at org.apache.thrift.TBaseProcessor.process(TBaseProcessor.java:39)
at org.apache.thrift.server.TServlet.doPost(TServlet.java:83)
at
org.apache.hive.service.cli.thrift.ThriftHttpServlet.doPost(ThriftHttpServlet.java:208)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
at
org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:848)
at
org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
at
org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:224)
at
org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180)
at
org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:513)
at
org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
at
org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112)
at
org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
at
org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:493)
at
org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)
{code}
> Access check is failed when a temporary directory is removed
> ------------------------------------------------------------
>
> Key: HIVE-22273
> URL: https://issues.apache.org/jira/browse/HIVE-22273
> Project: Hive
> Issue Type: Bug
> Reporter: Peter Vary
> Assignee: Peter Vary
> Priority: Major
> Attachments: HIVE-22273.patch
>
>
> The following exception is thrown if a temporary file is deleted during the
> access checks:
> {code}
> 2019-09-24T16:12:59,611 ERROR [7e491237-1505-4388-afb9-5ec2a688b0dc
> HiveServer2-HttpHandler-Pool: Thread-11941]: authorizer.RangerHiveAuthorizer
> (:()) - Error getting permissions for hdfs://HDFS_FOLDER/TABLE_NAME
> java.io.FileNotFoundException: File
> hdfs://HDFS_FOLDER/TABLE_NAME/.hive-staging_hive_2019-09-24_16-12-48_899_7291847300113791212-245/_tmp.-ext-10001
> does not exist.
> at
> org.apache.hadoop.hdfs.DistributedFileSystem.listStatusInternal(DistributedFileSystem.java:1059)
> ~[hadoop-hdfs-client-3.1.1.3.1.0.0-78.jar:?]
> at
> org.apache.hadoop.hdfs.DistributedFileSystem.access$1000(DistributedFileSystem.java:131)
> ~[hadoop-hdfs-client-3.1.1.3.1.0.0-78.jar:?]
> at
> org.apache.hadoop.hdfs.DistributedFileSystem$24.doCall(DistributedFileSystem.java:1119)
> ~[hadoop-hdfs-client-3.1.1.3.1.0.0-78.jar:?]
> at
> org.apache.hadoop.hdfs.DistributedFileSystem$24.doCall(DistributedFileSystem.java:1116)
> ~[hadoop-hdfs-client-3.1.1.3.1.0.0-78.jar:?]
> at
> org.apache.hadoop.fs.FileSystemLinkResolver.resolve(FileSystemLinkResolver.java:81)
> ~[hadoop-common-3.1.1.3.1.0.0-78.jar:?]
> at
> org.apache.hadoop.hdfs.DistributedFileSystem.listStatus(DistributedFileSystem.java:1126)
> ~[hadoop-hdfs-client-3.1.1.3.1.0.0-78.jar:?]
> at
> org.apache.hadoop.hive.common.FileUtils.checkIsOwnerOfFileHierarchy(FileUtils.java:561)
> ~[hive-common-3.1.0.3.1.0.0-78.jar:3.1.0.3.1.0.0-78]
> at
> org.apache.hadoop.hive.common.FileUtils.checkIsOwnerOfFileHierarchy(FileUtils.java:564)
> ~[hive-common-3.1.0.3.1.0.0-78.jar:3.1.0.3.1.0.0-78]
> at
> org.apache.hadoop.hive.common.FileUtils.checkIsOwnerOfFileHierarchy(FileUtils.java:564)
> ~[hive-common-3.1.0.3.1.0.0-78.jar:3.1.0.3.1.0.0-78]
> at org.apache.hadoop.hive.common.FileUtils$4.run(FileUtils.java:540)
> ~[hive-common-3.1.0.3.1.0.0-78.jar:3.1.0.3.1.0.0-78]
> at org.apache.hadoop.hive.common.FileUtils$4.run(FileUtils.java:536)
> ~[hive-common-3.1.0.3.1.0.0-78.jar:3.1.0.3.1.0.0-78]
> at java.security.AccessController.doPrivileged(Native Method)
> ~[?:1.8.0_171]
> at javax.security.auth.Subject.doAs(Subject.java:422) ~[?:1.8.0_171]
> at
> org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1730)
> ~[hadoop-common-3.1.1.3.1.0.0-78.jar:?]
> at
> org.apache.hadoop.hive.common.FileUtils.isOwnerOfFileHierarchy(FileUtils.java:536)
> ~[hive-common-3.1.0.3.1.0.0-78.jar:3.1.0.3.1.0.0-78]
> at
> org.apache.hadoop.hive.common.FileUtils.isOwnerOfFileHierarchy(FileUtils.java:527)
> ~[hive-common-3.1.0.3.1.0.0-78.jar:3.1.0.3.1.0.0-78]
> at
> org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.isURIAccessAllowed(RangerHiveAuthorizer.java:1420)
> ~[?:?]
> at
> org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.checkPrivileges(RangerHiveAuthorizer.java:287)
> ~[?:?]
> at org.apache.hadoop.hive.ql.Driver.doAuthorizationV2(Driver.java:1336)
> ~[hive-exec-3.1.0.3.1.0.0-78.jar:3.1.0.3.1.0.0-78]
> at org.apache.hadoop.hive.ql.Driver.doAuthorization(Driver.java:1100)
> ~[hive-exec-3.1.0.3.1.0.0-78.jar:3.1.0.3.1.0.0-78]
> at org.apache.hadoop.hive.ql.Driver.compile(Driver.java:709)
> ~[hive-exec-3.1.0.3.1.0.0-78.jar:3.1.0.3.1.0.0-78]
> at org.apache.hadoop.hive.ql.Driver.compileInternal(Driver.java:1869)
> ~[hive-exec-3.1.0.3.1.0.0-78.jar:3.1.0.3.1.0.0-78]
> at org.apache.hadoop.hive.ql.Driver.compileAndRespond(Driver.java:1816)
> ~[hive-exec-3.1.0.3.1.0.0-78.jar:3.1.0.3.1.0.0-78]
> at org.apache.hadoop.hive.ql.Driver.compileAndRespond(Driver.java:1811)
> ~[hive-exec-3.1.0.3.1.0.0-78.jar:3.1.0.3.1.0.0-78]
> at
> org.apache.hadoop.hive.ql.reexec.ReExecDriver.compileAndRespond(ReExecDriver.java:126)
> ~[hive-exec-3.1.0.3.1.0.0-78.jar:3.1.0.3.1.0.0-78]
> at
> org.apache.hive.service.cli.operation.SQLOperation.prepare(SQLOperation.java:197)
> ~[hive-service-3.1.0.3.1.0.0-78.jar:3.1.0.3.1.0.0-78]
> at
> org.apache.hive.service.cli.operation.SQLOperation.runInternal(SQLOperation.java:262)
> ~[hive-service-3.1.0.3.1.0.0-78.jar:3.1.0.3.1.0.0-78]
> at
> org.apache.hive.service.cli.operation.Operation.run(Operation.java:247)
> ~[hive-service-3.1.0.3.1.0.0-78.jar:3.1.0.3.1.0.0-78]
> at
> org.apache.hive.service.cli.session.HiveSessionImpl.executeStatementInternal(HiveSessionImpl.java:575)
> ~[hive-service-3.1.0.3.1.0.0-78.jar:3.1.0.3.1.0.0-78]
> at
> org.apache.hive.service.cli.session.HiveSessionImpl.executeStatementAsync(HiveSessionImpl.java:561)
> ~[hive-service-3.1.0.3.1.0.0-78.jar:3.1.0.3.1.0.0-78]
> at sun.reflect.GeneratedMethodAccessor148.invoke(Unknown Source) ~[?:?]
> at
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> ~[?:1.8.0_171]
> at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_171]
> at
> org.apache.hive.service.cli.session.HiveSessionProxy.invoke(HiveSessionProxy.java:78)
> ~[hive-service-3.1.0.3.1.0.0-78.jar:3.1.0.3.1.0.0-78]
> at
> org.apache.hive.service.cli.session.HiveSessionProxy.access$000(HiveSessionProxy.java:36)
> ~[hive-service-3.1.0.3.1.0.0-78.jar:3.1.0.3.1.0.0-78]
> at
> org.apache.hive.service.cli.session.HiveSessionProxy$1.run(HiveSessionProxy.java:63)
> ~[hive-service-3.1.0.3.1.0.0-78.jar:3.1.0.3.1.0.0-78]
> at java.security.AccessController.doPrivileged(Native Method)
> ~[?:1.8.0_171]
> at javax.security.auth.Subject.doAs(Subject.java:422) ~[?:1.8.0_171]
> {code}
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
