[jira] [Updated] (HIVE-7890) SessionState creates HMS Client while not impersonating
[
https://issues.apache.org/jira/browse/HIVE-7890?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Brock Noland updated HIVE-7890:
---
Resolution: Fixed
Fix Version/s: 0.14.0
Status: Resolved (was: Patch Available)
SessionState creates HMS Client while not impersonating
---
Key: HIVE-7890
URL: https://issues.apache.org/jira/browse/HIVE-7890
Project: Hive
Issue Type: Bug
Reporter: Brock Noland
Assignee: Brock Noland
Fix For: 0.14.0
Attachments: HIVE-7890.2.patch
In SessionState.start [an instance of the the HMSClient is
created|https://github.com/apache/hive/blob/trunk/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java#L367].
When impersonation is enabled, this call does not occur within a doas call
and thus the HMSClient is created as the server user, not the impersonated
user.
Thus calls to the HMS are made by the hive user as opposed to the end user.
This causes file ownership such as a database directory owner to be
incorrect. While debugging this, I got stack trace below. As you can see we
are calling getMSC without a doas.
{noformat}
at org.apache.hadoop.hive.ql.metadata.Hive.getMSC(Hive.java:2474)
at
org.apache.hadoop.hive.ql.session.SessionState.start(SessionState.java:367)
at
org.apache.hive.service.cli.session.HiveSessionImpl.init(HiveSessionImpl.java:121)
at
org.apache.hive.service.cli.session.HiveSessionImplwithUGI.init(HiveSessionImplwithUGI.java:49)
at
org.apache.hive.service.cli.session.SessionManager.openSession(SessionManager.java:130)
at
org.apache.hive.service.cli.CLIService.openSessionWithImpersonation(CLIService.java:163)
at
org.apache.hive.service.cli.thrift.ThriftCLIService.getSessionHandle(ThriftCLIService.java:290)
at
org.apache.hive.service.cli.thrift.ThriftCLIService.OpenSession(ThriftCLIService.java:208)
at
org.apache.hive.service.cli.thrift.TCLIService$Processor$OpenSession.getResult(TCLIService.java:1313)
at
org.apache.hive.service.cli.thrift.TCLIService$Processor$OpenSession.getResult(TCLIService.java:1298)
at org.apache.thrift.ProcessFunction.process(ProcessFunction.java:39)
at org.apache.thrift.TBaseProcessor.process(TBaseProcessor.java:39)
at
org.apache.hive.service.auth.TSetIpAddressProcessor.process(TSetIpAddressProcessor.java:55)
at
org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:244)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)
{noformat}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
[jira] [Updated] (HIVE-7890) SessionState creates HMS Client while not impersonating
[ https://issues.apache.org/jira/browse/HIVE-7890?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Brock Noland updated HIVE-7890: --- Assignee: Brock Noland Status: Patch Available (was: Open) SessionState creates HMS Client while not impersonating --- Key: HIVE-7890 URL: https://issues.apache.org/jira/browse/HIVE-7890 Project: Hive Issue Type: Bug Reporter: Brock Noland Assignee: Brock Noland Attachments: HIVE-7890.2.patch In SessionState.start [an instance of the the HMSClient is created|https://github.com/apache/hive/blob/trunk/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java#L367]. When impersonation is enabled, this call does not occur within a doas call and thus the HMSClient is created as the server user, not the impersonated user. Thus calls to the HMS are made by the hive user as opposed to the end user. This causes file ownership such as a database directory owner to be incorrect. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Updated] (HIVE-7890) SessionState creates HMS Client while not impersonating
[ https://issues.apache.org/jira/browse/HIVE-7890?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Brock Noland updated HIVE-7890: --- Summary: SessionState creates HMS Client while not impersonating (was: SessionStart creates HMS Client while not impersonating) SessionState creates HMS Client while not impersonating --- Key: HIVE-7890 URL: https://issues.apache.org/jira/browse/HIVE-7890 Project: Hive Issue Type: Bug Reporter: Brock Noland Attachments: HIVE-7890.2.patch In SessionState.start [an instance of the the HMSClient is created|https://github.com/apache/hive/blob/trunk/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java#L367]. When impersonation is enabled, this call does not occur within a doas call and thus the HMSClient is created as the server user, not the impersonated user. Thus calls to the HMS are made by the hive user as opposed to the end user. This causes file ownership such as a database directory owner to be incorrect. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Updated] (HIVE-7890) SessionState creates HMS Client while not impersonating
[ https://issues.apache.org/jira/browse/HIVE-7890?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Brock Noland updated HIVE-7890: --- Attachment: HIVE-7890.2.patch SessionState creates HMS Client while not impersonating --- Key: HIVE-7890 URL: https://issues.apache.org/jira/browse/HIVE-7890 Project: Hive Issue Type: Bug Reporter: Brock Noland Attachments: HIVE-7890.2.patch In SessionState.start [an instance of the the HMSClient is created|https://github.com/apache/hive/blob/trunk/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java#L367]. When impersonation is enabled, this call does not occur within a doas call and thus the HMSClient is created as the server user, not the impersonated user. Thus calls to the HMS are made by the hive user as opposed to the end user. This causes file ownership such as a database directory owner to be incorrect. -- This message was sent by Atlassian JIRA (v6.2#6252)
[jira] [Updated] (HIVE-7890) SessionState creates HMS Client while not impersonating
[
https://issues.apache.org/jira/browse/HIVE-7890?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Brock Noland updated HIVE-7890:
---
Description:
In SessionState.start [an instance of the the HMSClient is
created|https://github.com/apache/hive/blob/trunk/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java#L367].
When impersonation is enabled, this call does not occur within a doas call
and thus the HMSClient is created as the server user, not the impersonated user.
Thus calls to the HMS are made by the hive user as opposed to the end user.
This causes file ownership such as a database directory owner to be incorrect.
While debugging this, I got stack trace below. As you can see we are calling
getMSC without a doas.
{noformat}
at org.apache.hadoop.hive.ql.metadata.Hive.getMSC(Hive.java:2474)
at
org.apache.hadoop.hive.ql.session.SessionState.start(SessionState.java:367)
at
org.apache.hive.service.cli.session.HiveSessionImpl.init(HiveSessionImpl.java:121)
at
org.apache.hive.service.cli.session.HiveSessionImplwithUGI.init(HiveSessionImplwithUGI.java:49)
at
org.apache.hive.service.cli.session.SessionManager.openSession(SessionManager.java:130)
at
org.apache.hive.service.cli.CLIService.openSessionWithImpersonation(CLIService.java:163)
at
org.apache.hive.service.cli.thrift.ThriftCLIService.getSessionHandle(ThriftCLIService.java:290)
at
org.apache.hive.service.cli.thrift.ThriftCLIService.OpenSession(ThriftCLIService.java:208)
at
org.apache.hive.service.cli.thrift.TCLIService$Processor$OpenSession.getResult(TCLIService.java:1313)
at
org.apache.hive.service.cli.thrift.TCLIService$Processor$OpenSession.getResult(TCLIService.java:1298)
at org.apache.thrift.ProcessFunction.process(ProcessFunction.java:39)
at org.apache.thrift.TBaseProcessor.process(TBaseProcessor.java:39)
at
org.apache.hive.service.auth.TSetIpAddressProcessor.process(TSetIpAddressProcessor.java:55)
at
org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:244)
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:744)
{noformat}
was:
In SessionState.start [an instance of the the HMSClient is
created|https://github.com/apache/hive/blob/trunk/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java#L367].
When impersonation is enabled, this call does not occur within a doas call
and thus the HMSClient is created as the server user, not the impersonated user.
Thus calls to the HMS are made by the hive user as opposed to the end user.
This causes file ownership such as a database directory owner to be incorrect.
SessionState creates HMS Client while not impersonating
---
Key: HIVE-7890
URL: https://issues.apache.org/jira/browse/HIVE-7890
Project: Hive
Issue Type: Bug
Reporter: Brock Noland
Assignee: Brock Noland
Attachments: HIVE-7890.2.patch
In SessionState.start [an instance of the the HMSClient is
created|https://github.com/apache/hive/blob/trunk/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java#L367].
When impersonation is enabled, this call does not occur within a doas call
and thus the HMSClient is created as the server user, not the impersonated
user.
Thus calls to the HMS are made by the hive user as opposed to the end user.
This causes file ownership such as a database directory owner to be
incorrect. While debugging this, I got stack trace below. As you can see we
are calling getMSC without a doas.
{noformat}
at org.apache.hadoop.hive.ql.metadata.Hive.getMSC(Hive.java:2474)
at
org.apache.hadoop.hive.ql.session.SessionState.start(SessionState.java:367)
at
org.apache.hive.service.cli.session.HiveSessionImpl.init(HiveSessionImpl.java:121)
at
org.apache.hive.service.cli.session.HiveSessionImplwithUGI.init(HiveSessionImplwithUGI.java:49)
at
org.apache.hive.service.cli.session.SessionManager.openSession(SessionManager.java:130)
at
org.apache.hive.service.cli.CLIService.openSessionWithImpersonation(CLIService.java:163)
at
org.apache.hive.service.cli.thrift.ThriftCLIService.getSessionHandle(ThriftCLIService.java:290)
at
org.apache.hive.service.cli.thrift.ThriftCLIService.OpenSession(ThriftCLIService.java:208)
at
org.apache.hive.service.cli.thrift.TCLIService$Processor$OpenSession.getResult(TCLIService.java:1313)
at
org.apache.hive.service.cli.thrift.TCLIService$Processor$OpenSession.getResult(TCLIService.java:1298)
at
