[
https://issues.apache.org/jira/browse/TEZ-3422?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15458112#comment-15458112
]
Christoph Körner edited comment on TEZ-3422 at 9/2/16 10:06 AM:
----------------------------------------------------------------
Exactly, it is failing due to the restriction from ranger-acl. I created an
application user in ranger (with Hive Impersonation) who has restricted access
to only data/ and tmporary (yarn, mr, tez, etc.) folders on HDFS.
Interestingly, it first fails on
/hdp/apps/2.4.0.0-169/tez/tez.tar.gz
due to EXECUTE permission. When I then grant EXECUTE to /hdp/apps/*, it fails on
/hdp/apps
and so on, until finally it also fails on
/hdp
and also
/
due to EXECUTE permission.
was (Author: [email protected]):
Exactly, it is failing due to the restriction from ranger-acl.
Interestingly, it first fails on
/hdp/apps/2.4.0.0-169/tez/tez.tar.gz
due to EXECUTE permission. When I then grant EXECUTE to /hdp/apps/*, it fails on
/hdp/apps
and so on, until finally it also fails on
/hdp
and also
/
due to EXECUTE permission.
> TEZ performs EXECUTE on / (root directory)
> ------------------------------------------
>
> Key: TEZ-3422
> URL: https://issues.apache.org/jira/browse/TEZ-3422
> Project: Apache Tez
> Issue Type: Bug
> Affects Versions: 0.7.0
> Environment: HDP 2.4, TEZ 0.7.0.2.4
> Reporter: Christoph Körner
> Priority: Critical
> Labels: security
>
> When scheduling a TEZ job via beeline on Yarn, TEZ performs an EXECUTE
> operation on HDFS in the directories /hdp/apps, /hdp and / (root directory).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
