[ https://issues.apache.org/jira/browse/HIVE-12231?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14970294#comment-14970294 ]

WangMeng commented on HIVE-12231:
---------------------------------

[~thejas] Thanks for your detailed clarification.
However, if the user has write permission on the external path that is used in 
creating the external database, this check mechanism may be a little 
inappropriate. A user should have the right to create a database in a path on 
which the user has write permission, such as his own dir. How about checking 
the destination path of the external database directly? In production 
environments, creating an external database in a permitted dir is relatively 
common.
Thanks.

> StorageBasedAuthorization requires write permission of default Warehouse when 
> create external database
> ------------------------------------------------------------------------------------------------------
>
>                 Key: HIVE-12231
>                 URL: https://issues.apache.org/jira/browse/HIVE-12231
>             Project: Hive
>          Issue Type: Bug
>    Affects Versions: 1.2.1
>            Reporter: WangMeng
>            Assignee: WangMeng
>         Attachments: HIVE-12231.01.patch
>
>
> Please look at the stack trace: with StorageBasedAuthorization enabled, I set 
> an external location to create a database. However, it also checks write 
> permission on the default warehouse "/user/hive/warehouse":
> > CREATE DATABASE test LOCATION  '/tmp/wangmeng/test'  ;
> Error: Error while compiling statement: FAILED: HiveException 
> java.security.AccessControlException: Permission denied: user=wangmeng, 
> access=WRITE, inode="/user/hive/warehouse":hive:hive:drwxr-x--t
>       at 
> org.apache.hadoop.hdfs.server.namenode.DefaultAuthorizationProvider.checkFsPermission(DefaultAuthorizationProvider.java:255)
>       at 
> org.apache.hadoop.hdfs.server.namenode.DefaultAuthorizationProvider.check(DefaultAuthorizationProvider.java:236)
>       at 
> org.apache.hadoop.hdfs.server.namenode.DefaultAuthorizationProvider.checkPermission(DefaultAuthorizationProvider.java:151)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
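
For triaging the denial quoted in the issue, the following added example (not Hive or HDFS code, and not from the reporter) parses the AccessControlException text and reports which permission triad applied and what was missing. The user's group membership is not given on the page, so it is a parameter; all function names are hypothetical.

```python
import re

# Constructed by joining the wrapped exception text quoted in the issue.
DENIAL = ('Permission denied: user=wangmeng, access=WRITE, '
          'inode="/user/hive/warehouse":hive:hive:drwxr-x--t')

PATTERN = re.compile(
    r'user=(?P<user>[^,\s]+),\s*access=(?P<access>[A-Z_]+),\s*'
    r'inode="(?P<path>[^"]+)":(?P<owner>[^:]+):(?P<group>[^:]+):'
    r'(?P<mode>[-dl][-rwxsStT]{9})')

LETTER = {"READ": "r", "WRITE": "w", "EXECUTE": "x"}


def required(access):
    """Map an access name such as WRITE or READ_EXECUTE to the letters it needs."""
    if access == "ALL":
        return {"r", "w", "x"}
    return {LETTER[part] for part in access.split("_") if part in LETTER}


def granted(triad):
    """Permissions in one rwx triad; 't'/'s' include x, 'T'/'S' do not."""
    perms = {c for c in triad[:2] if c in "rw"}
    if triad[2] in "xts":
        perms.add("x")
    return perms


def explain(message, user_groups=()):
    """Say which class (owner/group/other) was checked and what it lacked."""
    m = PATTERN.search(message)
    if m is None:
        raise ValueError("not an HDFS permission-denied message")
    d = m.groupdict()
    bits = d["mode"][1:]
    if d["user"] == d["owner"]:
        cls, triad = "owner", bits[0:3]
    elif d["group"] in user_groups:
        cls, triad = "group", bits[3:6]
    else:
        cls, triad = "other", bits[6:9]
    missing = sorted(required(d["access"]) - granted(triad))
    return {"path": d["path"], "class": cls, "missing": missing,
            "sticky": bits[8] in "tT"}


if __name__ == "__main__":
    print(explain(DENIAL))
    print(explain(DENIAL, user_groups=("hive",)))
```

For the quoted message the write bit is missing whether or not `wangmeng` belongs to group `hive`, so the denial comes from the warehouse directory's mode rather than from group membership.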
