[jira] [Assigned] (HIVE-21532) RuntimeException due to AccessControlException during creating hive-staging-dir

2019-04-01 Thread Oleksandr Polishchuk (JIRA)


 [ 
https://issues.apache.org/jira/browse/HIVE-21532?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Oleksandr Polishchuk reassigned HIVE-21532:
---

Assignee: Oleksiy Sayankin  (was: Oleksandr Polishchuk)

> RuntimeException due to AccessControlException during creating 
> hive-staging-dir
> ---
>
> Key: HIVE-21532
> URL: https://issues.apache.org/jira/browse/HIVE-21532
> Project: Hive
>  Issue Type: Bug
>Reporter: Oleksandr Polishchuk
>Assignee: Oleksiy Sayankin
>Priority: Minor
> Attachments: HIVE-21532.1.patch, HIVE-21532.1.patch, 
> HIVE-21532.2.patch
>
>
> The bug was found with environment - Hive-2.3.
> Steps lead to an exception:
> 1) Create user without root permissions on your node.
> 2) The {{hive-site.xml}} file has to contain the next properties:
> {code:java}
>  
>     hive.security.authorization.enabled
>   true
>   
>   
>    hive.security.authorization.manager
>  
> org.apache.hadoop.hive.ql.security.authorization.plugin.fallback.FallbackHiveAuthorizerFactory
>   
> {code}
> 3) Open Hive CLI and do next query:
> {code:java}
>  insert overwrite local directory '/tmp/test_dir' row format delimited fields 
> terminated by ',' select * from temp.test;
> {code}
> The previous query will fails with the next exception:
> {code:java}
> FAILED: RuntimeException Cannot create staging directory 
> 'hdfs:///tmp/test_dir/.hive-staging_hive_2019-03-28_11-51-05_319_5882446299335967521-1':
>  User testuser(user id 3456)  has been denied access to create 
> .hive-staging_hive_2019-03-28_11-51-05_319_5882446299335967521-1
> {code}
> The investigation shows that if delete the mentioned above properties from 
> {{hive-site.xml}} and pass {{`queryTmpdir`}} instead of {{`dest_path`}} in 
> the {{org.apache.hadoop.hive.ql.Context#getTempDirForPath()}} as was in the 
> Hive-2.1. everything will be fine. The current method is using in the 
> {{org.apache.hadoop.hive.ql.parse.SemanticAnalyzer}}  - {{String statsTmpLoc 
> = ctx.getTempDirForPath(dest_path).toString();}}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)


[jira] [Comment Edited] (HIVE-21532) RuntimeException due to AccessControlException during creating hive-staging-dir

2019-03-29 Thread Oleksandr Polishchuk (JIRA)


[ 
https://issues.apache.org/jira/browse/HIVE-21532?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16803892#comment-16803892
 ] 

Oleksandr Polishchuk edited comment on HIVE-21532 at 3/29/19 12:43 PM:
---

*FIXED*

In Hive-2.3. See attached patch.

*ROOT CAUSE*

There was passed {{dest_path}} not a {{queryTmpdir}} as was in Hive-2.1. Some 
restrictions related with {{FallbackHiveAuthorizerFactory}}

*SOLUTION*

There was passed {{queryTmpdir}} instead of {{dest_path}} in the 
{{org.apache.hadoop.ql.parse.SemanticAnalyzer}}
{code:java}
String statsTmpLoc = ctx.getTempDirForPath(queryTmpdir).toString();

{code}
{{The properties {{hive.security.authorization.enabled}} and 
hive.security.authorization.manager were deleted from }}{{hive-site.xml}}.

*EFFECTS*
  - Created {{TmpDirForPath}}. 
  - Access is allowed for user without root permission


was (Author: polishchuk):
*FIXED*

In Hive-2.3. See attached patch.

*ROOT CAUSE*

There was passed {{dest_path}} not a {{queryTmpdir}} as was in Hive-2.1. Some 
restrictions related with {{FallbackHiveAuthorizerFactory}}

*SOLUTION*

There was passed {{queryTmpdir}} instead of {{dest_path}} in the 
{{org.apache.hadoop.ql.parse.SemanticAnalyzer}}
{code:java}
String statsTmpLoc = ctx.getTempDirForPath(queryTmpdir).toString();

{code}
{{The properties }}{{hive.security.authorization.enabled and 
hive.security.authorization.manager were deleted from }}{{hive-site.xml}}.

*EFFECTS*
  - Created {{TmpDirForPath}}. 
  - Access is allowed for user without root permission

> RuntimeException due to AccessControlException during creating 
> hive-staging-dir
> ---
>
> Key: HIVE-21532
> URL: https://issues.apache.org/jira/browse/HIVE-21532
> Project: Hive
>  Issue Type: Bug
>Reporter: Oleksandr Polishchuk
>Assignee: Oleksandr Polishchuk
>Priority: Minor
> Attachments: HIVE-21532.1.patch, HIVE-21532.1.patch, 
> HIVE-21532.2.patch
>
>
> The bug was found with environment - Hive-2.3.
> Steps lead to an exception:
> 1) Create user without root permissions on your node.
> 2) The {{hive-site.xml}} file has to contain the next properties:
> {code:java}
>  
>     hive.security.authorization.enabled
>   true
>   
>   
>    hive.security.authorization.manager
>  
> org.apache.hadoop.hive.ql.security.authorization.plugin.fallback.FallbackHiveAuthorizerFactory
>   
> {code}
> 3) Open Hive CLI and do next query:
> {code:java}
>  insert overwrite local directory '/tmp/test_dir' row format delimited fields 
> terminated by ',' select * from temp.test;
> {code}
> The previous query will fails with the next exception:
> {code:java}
> FAILED: RuntimeException Cannot create staging directory 
> 'hdfs:///tmp/test_dir/.hive-staging_hive_2019-03-28_11-51-05_319_5882446299335967521-1':
>  User testuser(user id 3456)  has been denied access to create 
> .hive-staging_hive_2019-03-28_11-51-05_319_5882446299335967521-1
> {code}
> The investigation shows that if delete the mentioned above properties from 
> {{hive-site.xml}} and pass {{`queryTmpdir`}} instead of {{`dest_path`}} in 
> the {{org.apache.hadoop.hive.ql.Context#getTempDirForPath()}} as was in the 
> Hive-2.1. everything will be fine. The current method is using in the 
> {{org.apache.hadoop.hive.ql.parse.SemanticAnalyzer}}  - {{String statsTmpLoc 
> = ctx.getTempDirForPath(dest_path).toString();}}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)


[jira] [Comment Edited] (HIVE-21532) RuntimeException due to AccessControlException during creating hive-staging-dir

2019-03-29 Thread Oleksandr Polishchuk (JIRA)


[ 
https://issues.apache.org/jira/browse/HIVE-21532?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16803892#comment-16803892
 ] 

Oleksandr Polishchuk edited comment on HIVE-21532 at 3/29/19 12:43 PM:
---

*FIXED*

In Hive-2.3. See attached patch.

*ROOT CAUSE*

There was passed {{dest_path}} not a {{queryTmpdir}} as was in Hive-2.1. Some 
restrictions related with {{FallbackHiveAuthorizerFactory}}

*SOLUTION*

There was passed {{queryTmpdir}} instead of {{dest_path}} in the 
{{org.apache.hadoop.ql.parse.SemanticAnalyzer}}
{code:java}
String statsTmpLoc = ctx.getTempDirForPath(queryTmpdir).toString();

{code}
{{The properties hive.security.authorization.enabled}} and 
hive.security.authorization.manager were deleted from {{hive-site.xml}}.

*EFFECTS*
  - Created {{TmpDirForPath}}. 
  - Access is allowed for user without root permission


was (Author: polishchuk):
*FIXED*

In Hive-2.3. See attached patch.

*ROOT CAUSE*

There was passed {{dest_path}} not a {{queryTmpdir}} as was in Hive-2.1. Some 
restrictions related with {{FallbackHiveAuthorizerFactory}}

*SOLUTION*

There was passed {{queryTmpdir}} instead of {{dest_path}} in the 
{{org.apache.hadoop.ql.parse.SemanticAnalyzer}}
{code:java}
String statsTmpLoc = ctx.getTempDirForPath(queryTmpdir).toString();

{code}
{{The properties {{hive.security.authorization.enabled}} and 
hive.security.authorization.manager were deleted from }}{{hive-site.xml}}.

*EFFECTS*
  - Created {{TmpDirForPath}}. 
  - Access is allowed for user without root permission

> RuntimeException due to AccessControlException during creating 
> hive-staging-dir
> ---
>
> Key: HIVE-21532
> URL: https://issues.apache.org/jira/browse/HIVE-21532
> Project: Hive
>  Issue Type: Bug
>Reporter: Oleksandr Polishchuk
>Assignee: Oleksandr Polishchuk
>Priority: Minor
> Attachments: HIVE-21532.1.patch, HIVE-21532.1.patch, 
> HIVE-21532.2.patch
>
>
> The bug was found with environment - Hive-2.3.
> Steps lead to an exception:
> 1) Create user without root permissions on your node.
> 2) The {{hive-site.xml}} file has to contain the next properties:
> {code:java}
>  
>     hive.security.authorization.enabled
>   true
>   
>   
>    hive.security.authorization.manager
>  
> org.apache.hadoop.hive.ql.security.authorization.plugin.fallback.FallbackHiveAuthorizerFactory
>   
> {code}
> 3) Open Hive CLI and do next query:
> {code:java}
>  insert overwrite local directory '/tmp/test_dir' row format delimited fields 
> terminated by ',' select * from temp.test;
> {code}
> The previous query will fails with the next exception:
> {code:java}
> FAILED: RuntimeException Cannot create staging directory 
> 'hdfs:///tmp/test_dir/.hive-staging_hive_2019-03-28_11-51-05_319_5882446299335967521-1':
>  User testuser(user id 3456)  has been denied access to create 
> .hive-staging_hive_2019-03-28_11-51-05_319_5882446299335967521-1
> {code}
> The investigation shows that if delete the mentioned above properties from 
> {{hive-site.xml}} and pass {{`queryTmpdir`}} instead of {{`dest_path`}} in 
> the {{org.apache.hadoop.hive.ql.Context#getTempDirForPath()}} as was in the 
> Hive-2.1. everything will be fine. The current method is using in the 
> {{org.apache.hadoop.hive.ql.parse.SemanticAnalyzer}}  - {{String statsTmpLoc 
> = ctx.getTempDirForPath(dest_path).toString();}}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)


[jira] [Comment Edited] (HIVE-21532) RuntimeException due to AccessControlException during creating hive-staging-dir

2019-03-29 Thread Oleksandr Polishchuk (JIRA)


[ 
https://issues.apache.org/jira/browse/HIVE-21532?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16803892#comment-16803892
 ] 

Oleksandr Polishchuk edited comment on HIVE-21532 at 3/29/19 12:42 PM:
---

*FIXED*

In Hive-2.3. See attached patch.

*ROOT CAUSE*

There was passed {{dest_path}} not a {{queryTmpdir}} as was in Hive-2.1. Some 
restrictions related with {{FallbackHiveAuthorizerFactory}}

*SOLUTION*

There was passed {{queryTmpdir}} instead of {{dest_path}} in the 
{{org.apache.hadoop.ql.parse.SemanticAnalyzer}}
{code:java}
String statsTmpLoc = ctx.getTempDirForPath(queryTmpdir).toString();

{code}
{{The properties }}{{hive.security.authorization.enabled and 
hive.security.authorization.manager were deleted from }}{{hive-site.xml}}.

*EFFECTS*
  - Created {{TmpDirForPath}}. 
  - Access is allowed for user without root permission


was (Author: polishchuk):
*FIXED*

In Hive-2.3. See attached patch.

*ROOT CAUSE*

There was passed {{dest_path}} not a {{queryTmpdir as was in Hive-2.1. Some 
restrictions related with }}{{FallbackHiveAuthorizerFactory }}

*SOLUTION*

There was passed {{queryTmpdir}} instead of {{dest_path}} in the 
{{org.apache.hadoop.ql.parse.SemanticAnalyzer}}

{code:java}

String statsTmpLoc = ctx.getTempDirForPath(queryTmpdir).toString();

{code}

{{The properties }}{{hive.security.authorization.enabled and 
hive.security.authorization.manager were deleted from }}{{hive-site.xml}}.


*EFFECTS*
 - Created {{TmpDirForPath}}. 
 - Access is allowed for user without root permission

> RuntimeException due to AccessControlException during creating 
> hive-staging-dir
> ---
>
> Key: HIVE-21532
> URL: https://issues.apache.org/jira/browse/HIVE-21532
> Project: Hive
>  Issue Type: Bug
>Reporter: Oleksandr Polishchuk
>Assignee: Oleksandr Polishchuk
>Priority: Minor
> Attachments: HIVE-21532.1.patch, HIVE-21532.1.patch, 
> HIVE-21532.2.patch
>
>
> The bug was found with environment - Hive-2.3.
> Steps lead to an exception:
> 1) Create user without root permissions on your node.
> 2) The {{hive-site.xml}} file has to contain the next properties:
> {code:java}
>  
>     hive.security.authorization.enabled
>   true
>   
>   
>    hive.security.authorization.manager
>  
> org.apache.hadoop.hive.ql.security.authorization.plugin.fallback.FallbackHiveAuthorizerFactory
>   
> {code}
> 3) Open Hive CLI and do next query:
> {code:java}
>  insert overwrite local directory '/tmp/test_dir' row format delimited fields 
> terminated by ',' select * from temp.test;
> {code}
> The previous query will fails with the next exception:
> {code:java}
> FAILED: RuntimeException Cannot create staging directory 
> 'hdfs:///tmp/test_dir/.hive-staging_hive_2019-03-28_11-51-05_319_5882446299335967521-1':
>  User testuser(user id 3456)  has been denied access to create 
> .hive-staging_hive_2019-03-28_11-51-05_319_5882446299335967521-1
> {code}
> The investigation shows that if delete the mentioned above properties from 
> {{hive-site.xml}} and pass {{`queryTmpdir`}} instead of {{`dest_path`}} in 
> the {{org.apache.hadoop.hive.ql.Context#getTempDirForPath()}} as was in the 
> Hive-2.1. everything will be fine. The current method is using in the 
> {{org.apache.hadoop.hive.ql.parse.SemanticAnalyzer}}  - {{String statsTmpLoc 
> = ctx.getTempDirForPath(dest_path).toString();}}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)


[jira] [Updated] (HIVE-21532) RuntimeException due to AccessControlException during creating hive-staging-dir

2019-03-29 Thread Oleksandr Polishchuk (JIRA)


 [ 
https://issues.apache.org/jira/browse/HIVE-21532?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Oleksandr Polishchuk updated HIVE-21532:

Status: Patch Available  (was: In Progress)

> RuntimeException due to AccessControlException during creating 
> hive-staging-dir
> ---
>
> Key: HIVE-21532
> URL: https://issues.apache.org/jira/browse/HIVE-21532
> Project: Hive
>  Issue Type: Bug
>Reporter: Oleksandr Polishchuk
>Assignee: Oleksandr Polishchuk
>Priority: Minor
> Attachments: HIVE-21532.1.patch, HIVE-21532.1.patch, 
> HIVE-21532.2.patch
>
>
> The bug was found with environment - Hive-2.3.
> Steps lead to an exception:
> 1) Create user without root permissions on your node.
> 2) The {{hive-site.xml}} file has to contain the next properties:
> {code:java}
>  
>     hive.security.authorization.enabled
>   true
>   
>   
>    hive.security.authorization.manager
>  
> org.apache.hadoop.hive.ql.security.authorization.plugin.fallback.FallbackHiveAuthorizerFactory
>   
> {code}
> 3) Open Hive CLI and do next query:
> {code:java}
>  insert overwrite local directory '/tmp/test_dir' row format delimited fields 
> terminated by ',' select * from temp.test;
> {code}
> The previous query will fails with the next exception:
> {code:java}
> FAILED: RuntimeException Cannot create staging directory 
> 'hdfs:///tmp/test_dir/.hive-staging_hive_2019-03-28_11-51-05_319_5882446299335967521-1':
>  User testuser(user id 3456)  has been denied access to create 
> .hive-staging_hive_2019-03-28_11-51-05_319_5882446299335967521-1
> {code}
> The investigation shows that if delete the mentioned above properties from 
> {{hive-site.xml}} and pass {{`queryTmpdir`}} instead of {{`dest_path`}} in 
> the {{org.apache.hadoop.hive.ql.Context#getTempDirForPath()}} as was in the 
> Hive-2.1. everything will be fine. The current method is using in the 
> {{org.apache.hadoop.hive.ql.parse.SemanticAnalyzer}}  - {{String statsTmpLoc 
> = ctx.getTempDirForPath(dest_path).toString();}}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)


[jira] [Assigned] (HIVE-21532) RuntimeException due to AccessControlException during creating hive-staging-dir

2019-03-29 Thread Oleksandr Polishchuk (JIRA)


 [ 
https://issues.apache.org/jira/browse/HIVE-21532?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Oleksandr Polishchuk reassigned HIVE-21532:
---

Assignee: Oleksandr Polishchuk

> RuntimeException due to AccessControlException during creating 
> hive-staging-dir
> ---
>
> Key: HIVE-21532
> URL: https://issues.apache.org/jira/browse/HIVE-21532
> Project: Hive
>  Issue Type: Bug
>Reporter: Oleksandr Polishchuk
>Assignee: Oleksandr Polishchuk
>Priority: Minor
> Attachments: HIVE-21532.1.patch, HIVE-21532.1.patch, 
> HIVE-21532.2.patch
>
>
> The bug was found with environment - Hive-2.3.
> Steps lead to an exception:
> 1) Create user without root permissions on your node.
> 2) The {{hive-site.xml}} file has to contain the next properties:
> {code:java}
>  
>     hive.security.authorization.enabled
>   true
>   
>   
>    hive.security.authorization.manager
>  
> org.apache.hadoop.hive.ql.security.authorization.plugin.fallback.FallbackHiveAuthorizerFactory
>   
> {code}
> 3) Open Hive CLI and do next query:
> {code:java}
>  insert overwrite local directory '/tmp/test_dir' row format delimited fields 
> terminated by ',' select * from temp.test;
> {code}
> The previous query will fails with the next exception:
> {code:java}
> FAILED: RuntimeException Cannot create staging directory 
> 'hdfs:///tmp/test_dir/.hive-staging_hive_2019-03-28_11-51-05_319_5882446299335967521-1':
>  User testuser(user id 3456)  has been denied access to create 
> .hive-staging_hive_2019-03-28_11-51-05_319_5882446299335967521-1
> {code}
> The investigation shows that if delete the mentioned above properties from 
> {{hive-site.xml}} and pass {{`queryTmpdir`}} instead of {{`dest_path`}} in 
> the {{org.apache.hadoop.hive.ql.Context#getTempDirForPath()}} as was in the 
> Hive-2.1. everything will be fine. The current method is using in the 
> {{org.apache.hadoop.hive.ql.parse.SemanticAnalyzer}}  - {{String statsTmpLoc 
> = ctx.getTempDirForPath(dest_path).toString();}}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)


[jira] [Updated] (HIVE-21532) RuntimeException due to AccessControlException during creating hive-staging-dir

2019-03-29 Thread Oleksandr Polishchuk (JIRA)


 [ 
https://issues.apache.org/jira/browse/HIVE-21532?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Oleksandr Polishchuk updated HIVE-21532:

Status: In Progress  (was: Patch Available)

> RuntimeException due to AccessControlException during creating 
> hive-staging-dir
> ---
>
> Key: HIVE-21532
> URL: https://issues.apache.org/jira/browse/HIVE-21532
> Project: Hive
>  Issue Type: Bug
>Reporter: Oleksandr Polishchuk
>Priority: Minor
> Attachments: HIVE-21532.1.patch, HIVE-21532.1.patch, 
> HIVE-21532.2.patch
>
>
> The bug was found with environment - Hive-2.3.
> Steps lead to an exception:
> 1) Create user without root permissions on your node.
> 2) The {{hive-site.xml}} file has to contain the next properties:
> {code:java}
>  
>     hive.security.authorization.enabled
>   true
>   
>   
>    hive.security.authorization.manager
>  
> org.apache.hadoop.hive.ql.security.authorization.plugin.fallback.FallbackHiveAuthorizerFactory
>   
> {code}
> 3) Open Hive CLI and do next query:
> {code:java}
>  insert overwrite local directory '/tmp/test_dir' row format delimited fields 
> terminated by ',' select * from temp.test;
> {code}
> The previous query will fails with the next exception:
> {code:java}
> FAILED: RuntimeException Cannot create staging directory 
> 'hdfs:///tmp/test_dir/.hive-staging_hive_2019-03-28_11-51-05_319_5882446299335967521-1':
>  User testuser(user id 3456)  has been denied access to create 
> .hive-staging_hive_2019-03-28_11-51-05_319_5882446299335967521-1
> {code}
> The investigation shows that if delete the mentioned above properties from 
> {{hive-site.xml}} and pass {{`queryTmpdir`}} instead of {{`dest_path`}} in 
> the {{org.apache.hadoop.hive.ql.Context#getTempDirForPath()}} as was in the 
> Hive-2.1. everything will be fine. The current method is using in the 
> {{org.apache.hadoop.hive.ql.parse.SemanticAnalyzer}}  - {{String statsTmpLoc 
> = ctx.getTempDirForPath(dest_path).toString();}}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)


[jira] [Updated] (HIVE-21532) RuntimeException due to AccessControlException during creating hive-staging-dir

2019-03-29 Thread Oleksandr Polishchuk (JIRA)


 [ 
https://issues.apache.org/jira/browse/HIVE-21532?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Oleksandr Polishchuk updated HIVE-21532:

Attachment: HIVE-21532.2.patch

> RuntimeException due to AccessControlException during creating 
> hive-staging-dir
> ---
>
> Key: HIVE-21532
> URL: https://issues.apache.org/jira/browse/HIVE-21532
> Project: Hive
>  Issue Type: Bug
>Reporter: Oleksandr Polishchuk
>Priority: Minor
> Attachments: HIVE-21532.1.patch, HIVE-21532.1.patch, 
> HIVE-21532.2.patch
>
>
> The bug was found with environment - Hive-2.3.
> Steps lead to an exception:
> 1) Create user without root permissions on your node.
> 2) The {{hive-site.xml}} file has to contain the next properties:
> {code:java}
>  
>     hive.security.authorization.enabled
>   true
>   
>   
>    hive.security.authorization.manager
>  
> org.apache.hadoop.hive.ql.security.authorization.plugin.fallback.FallbackHiveAuthorizerFactory
>   
> {code}
> 3) Open Hive CLI and do next query:
> {code:java}
>  insert overwrite local directory '/tmp/test_dir' row format delimited fields 
> terminated by ',' select * from temp.test;
> {code}
> The previous query will fails with the next exception:
> {code:java}
> FAILED: RuntimeException Cannot create staging directory 
> 'hdfs:///tmp/test_dir/.hive-staging_hive_2019-03-28_11-51-05_319_5882446299335967521-1':
>  User testuser(user id 3456)  has been denied access to create 
> .hive-staging_hive_2019-03-28_11-51-05_319_5882446299335967521-1
> {code}
> The investigation shows that if delete the mentioned above properties from 
> {{hive-site.xml}} and pass {{`queryTmpdir`}} instead of {{`dest_path`}} in 
> the {{org.apache.hadoop.hive.ql.Context#getTempDirForPath()}} as was in the 
> Hive-2.1. everything will be fine. The current method is using in the 
> {{org.apache.hadoop.hive.ql.parse.SemanticAnalyzer}}  - {{String statsTmpLoc 
> = ctx.getTempDirForPath(dest_path).toString();}}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)


[jira] [Updated] (HIVE-21532) RuntimeException due to AccessControlException during creating hive-staging-dir

2019-03-28 Thread Oleksandr Polishchuk (JIRA)


 [ 
https://issues.apache.org/jira/browse/HIVE-21532?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Oleksandr Polishchuk updated HIVE-21532:

Attachment: (was: 
Opportunity_to_do_next_query_(insert_overwrite_local_directory_'_tmp_test_dir'_row_format_.patch)

> RuntimeException due to AccessControlException during creating 
> hive-staging-dir
> ---
>
> Key: HIVE-21532
> URL: https://issues.apache.org/jira/browse/HIVE-21532
> Project: Hive
>  Issue Type: Bug
>Reporter: Oleksandr Polishchuk
>Priority: Minor
> Attachments: HIVE-21532.1.patch, HIVE-21532.1.patch
>
>
> The bug was found with environment - Hive-2.3.
> Steps lead to an exception:
> 1) Create user without root permissions on your node.
> 2) The {{hive-site.xml}} file has to contain the next properties:
> {code:java}
>  
>     hive.security.authorization.enabled
>   true
>   
>   
>    hive.security.authorization.manager
>  
> org.apache.hadoop.hive.ql.security.authorization.plugin.fallback.FallbackHiveAuthorizerFactory
>   
> {code}
> 3) Open Hive CLI and do next query:
> {code:java}
>  insert overwrite local directory '/tmp/test_dir' row format delimited fields 
> terminated by ',' select * from temp.test;
> {code}
> The previous query will fails with the next exception:
> {code:java}
> FAILED: RuntimeException Cannot create staging directory 
> 'hdfs:///tmp/test_dir/.hive-staging_hive_2019-03-28_11-51-05_319_5882446299335967521-1':
>  User testuser(user id 3456)  has been denied access to create 
> .hive-staging_hive_2019-03-28_11-51-05_319_5882446299335967521-1
> {code}
> The investigation shows that if delete the mentioned above properties from 
> {{hive-site.xml}} and pass {{`queryTmpdir`}} instead of {{`dest_path`}} in 
> the {{org.apache.hadoop.hive.ql.Context#getTempDirForPath()}} as was in the 
> Hive-2.1. everything will be fine. The current method is using in the 
> {{org.apache.hadoop.hive.ql.parse.SemanticAnalyzer}}  - {{String statsTmpLoc 
> = ctx.getTempDirForPath(dest_path).toString();}}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)


[jira] [Updated] (HIVE-21532) RuntimeException due to AccessControlException during creating hive-staging-dir

2019-03-28 Thread Oleksandr Polishchuk (JIRA)


 [ 
https://issues.apache.org/jira/browse/HIVE-21532?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Oleksandr Polishchuk updated HIVE-21532:

Attachment: HIVE-21532.1.patch
Status: Patch Available  (was: Open)

> RuntimeException due to AccessControlException during creating 
> hive-staging-dir
> ---
>
> Key: HIVE-21532
> URL: https://issues.apache.org/jira/browse/HIVE-21532
> Project: Hive
>  Issue Type: Bug
>Reporter: Oleksandr Polishchuk
>Priority: Minor
> Attachments: HIVE-21532.1.patch, HIVE-21532.1.patch
>
>
> The bug was found with environment - Hive-2.3.
> Steps lead to an exception:
> 1) Create user without root permissions on your node.
> 2) The {{hive-site.xml}} file has to contain the next properties:
> {code:java}
>  
>     hive.security.authorization.enabled
>   true
>   
>   
>    hive.security.authorization.manager
>  
> org.apache.hadoop.hive.ql.security.authorization.plugin.fallback.FallbackHiveAuthorizerFactory
>   
> {code}
> 3) Open Hive CLI and do next query:
> {code:java}
>  insert overwrite local directory '/tmp/test_dir' row format delimited fields 
> terminated by ',' select * from temp.test;
> {code}
> The previous query will fails with the next exception:
> {code:java}
> FAILED: RuntimeException Cannot create staging directory 
> 'hdfs:///tmp/test_dir/.hive-staging_hive_2019-03-28_11-51-05_319_5882446299335967521-1':
>  User testuser(user id 3456)  has been denied access to create 
> .hive-staging_hive_2019-03-28_11-51-05_319_5882446299335967521-1
> {code}
> The investigation shows that if delete the mentioned above properties from 
> {{hive-site.xml}} and pass {{`queryTmpdir`}} instead of {{`dest_path`}} in 
> the {{org.apache.hadoop.hive.ql.Context#getTempDirForPath()}} as was in the 
> Hive-2.1. everything will be fine. The current method is using in the 
> {{org.apache.hadoop.hive.ql.parse.SemanticAnalyzer}}  - {{String statsTmpLoc 
> = ctx.getTempDirForPath(dest_path).toString();}}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)


[jira] [Updated] (HIVE-21532) RuntimeException due to AccessControlException during creating hive-staging-dir

2019-03-28 Thread Oleksandr Polishchuk (JIRA)


 [ 
https://issues.apache.org/jira/browse/HIVE-21532?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Oleksandr Polishchuk updated HIVE-21532:

Attachment: HIVE-21532.1.patch

> RuntimeException due to AccessControlException during creating 
> hive-staging-dir
> ---
>
> Key: HIVE-21532
> URL: https://issues.apache.org/jira/browse/HIVE-21532
> Project: Hive
>  Issue Type: Bug
>Reporter: Oleksandr Polishchuk
>Priority: Minor
> Attachments: HIVE-21532.1.patch, HIVE-21532.1.patch
>
>
> The bug was found with environment - Hive-2.3.
> Steps lead to an exception:
> 1) Create user without root permissions on your node.
> 2) The {{hive-site.xml}} file has to contain the next properties:
> {code:java}
>  
>     hive.security.authorization.enabled
>   true
>   
>   
>    hive.security.authorization.manager
>  
> org.apache.hadoop.hive.ql.security.authorization.plugin.fallback.FallbackHiveAuthorizerFactory
>   
> {code}
> 3) Open Hive CLI and do next query:
> {code:java}
>  insert overwrite local directory '/tmp/test_dir' row format delimited fields 
> terminated by ',' select * from temp.test;
> {code}
> The previous query will fails with the next exception:
> {code:java}
> FAILED: RuntimeException Cannot create staging directory 
> 'hdfs:///tmp/test_dir/.hive-staging_hive_2019-03-28_11-51-05_319_5882446299335967521-1':
>  User testuser(user id 3456)  has been denied access to create 
> .hive-staging_hive_2019-03-28_11-51-05_319_5882446299335967521-1
> {code}
> The investigation shows that if delete the mentioned above properties from 
> {{hive-site.xml}} and pass {{`queryTmpdir`}} instead of {{`dest_path`}} in 
> the {{org.apache.hadoop.hive.ql.Context#getTempDirForPath()}} as was in the 
> Hive-2.1. everything will be fine. The current method is using in the 
> {{org.apache.hadoop.hive.ql.parse.SemanticAnalyzer}}  - {{String statsTmpLoc 
> = ctx.getTempDirForPath(dest_path).toString();}}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)


[jira] [Updated] (HIVE-21532) RuntimeException due to AccessControlException during creating hive-staging-dir

2019-03-28 Thread Oleksandr Polishchuk (JIRA)


 [ 
https://issues.apache.org/jira/browse/HIVE-21532?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Oleksandr Polishchuk updated HIVE-21532:

Attachment: 
Opportunity_to_do_next_query_(insert_overwrite_local_directory_'_tmp_test_dir'_row_format_.patch

> RuntimeException due to AccessControlException during creating 
> hive-staging-dir
> ---
>
> Key: HIVE-21532
> URL: https://issues.apache.org/jira/browse/HIVE-21532
> Project: Hive
>  Issue Type: Bug
>Reporter: Oleksandr Polishchuk
>Priority: Minor
> Attachments: 
> Opportunity_to_do_next_query_(insert_overwrite_local_directory_'_tmp_test_dir'_row_format_.patch
>
>
> The bug was found with environment - Hive-2.3.
> Steps lead to an exception:
> 1) Create user without root permissions on your node.
> 2) The {{hive-site.xml}} file has to contain the next properties:
> {code:java}
>  
>     hive.security.authorization.enabled
>   true
>   
>   
>    hive.security.authorization.manager
>  
> org.apache.hadoop.hive.ql.security.authorization.plugin.fallback.FallbackHiveAuthorizerFactory
>   
> {code}
> 3) Open Hive CLI and do next query:
> {code:java}
>  insert overwrite local directory '/tmp/test_dir' row format delimited fields 
> terminated by ',' select * from temp.test;
> {code}
> The previous query will fails with the next exception:
> {code:java}
> FAILED: RuntimeException Cannot create staging directory 
> 'hdfs:///tmp/test_dir/.hive-staging_hive_2019-03-28_11-51-05_319_5882446299335967521-1':
>  User testuser(user id 3456)  has been denied access to create 
> .hive-staging_hive_2019-03-28_11-51-05_319_5882446299335967521-1
> {code}
> The investigation shows that if delete the mentioned above properties from 
> {{hive-site.xml}} and pass {{`queryTmpdir`}} instead of {{`dest_path`}} in 
> the {{org.apache.hadoop.hive.ql.Context#getTempDirForPath()}} as was in the 
> Hive-2.1. everything will be fine. The current method is using in the 
> {{org.apache.hadoop.hive.ql.parse.SemanticAnalyzer}}  - {{String statsTmpLoc 
> = ctx.getTempDirForPath(dest_path).toString();}}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)


[jira] [Commented] (HIVE-21532) RuntimeException due to AccessControlException during creating hive-staging-dir

2019-03-28 Thread Oleksandr Polishchuk (JIRA)


[ 
https://issues.apache.org/jira/browse/HIVE-21532?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16803892#comment-16803892
 ] 

Oleksandr Polishchuk commented on HIVE-21532:
-

*FIXED*

In Hive-2.3. See attached patch.

*ROOT CAUSE*

There was passed {{dest_path}} not a {{queryTmpdir as was in Hive-2.1. Some 
restrictions related with }}{{FallbackHiveAuthorizerFactory }}

*SOLUTION*

There was passed {{queryTmpdir}} instead of {{dest_path}} in the 
{{org.apache.hadoop.ql.parse.SemanticAnalyzer}}

{code:java}

String statsTmpLoc = ctx.getTempDirForPath(queryTmpdir).toString();

{code}

{{The properties }}{{hive.security.authorization.enabled and 
hive.security.authorization.manager were deleted from }}{{hive-site.xml}}.


*EFFECTS*
 - Created {{TmpDirForPath}}. 
 - Access is allowed for user without root permission

> RuntimeException due to AccessControlException during creating 
> hive-staging-dir
> ---
>
> Key: HIVE-21532
> URL: https://issues.apache.org/jira/browse/HIVE-21532
> Project: Hive
>  Issue Type: Bug
>Reporter: Oleksandr Polishchuk
>Priority: Minor
>
> The bug was found with environment - Hive-2.3.
> Steps lead to an exception:
> 1) Create user without root permissions on your node.
> 2) The {{hive-site.xml}} file has to contain the next properties:
> {code:java}
>  
>     hive.security.authorization.enabled
>   true
>   
>   
>    hive.security.authorization.manager
>  
> org.apache.hadoop.hive.ql.security.authorization.plugin.fallback.FallbackHiveAuthorizerFactory
>   
> {code}
> 3) Open Hive CLI and do next query:
> {code:java}
>  insert overwrite local directory '/tmp/test_dir' row format delimited fields 
> terminated by ',' select * from temp.test;
> {code}
> The previous query will fails with the next exception:
> {code:java}
> FAILED: RuntimeException Cannot create staging directory 
> 'hdfs:///tmp/test_dir/.hive-staging_hive_2019-03-28_11-51-05_319_5882446299335967521-1':
>  User testuser(user id 3456)  has been denied access to create 
> .hive-staging_hive_2019-03-28_11-51-05_319_5882446299335967521-1
> {code}
> The investigation shows that if delete the mentioned above properties from 
> {{hive-site.xml}} and pass {{`queryTmpdir`}} instead of {{`dest_path`}} in 
> the {{org.apache.hadoop.hive.ql.Context#getTempDirForPath()}} as was in the 
> Hive-2.1. everything will be fine. The current method is using in the 
> {{org.apache.hadoop.hive.ql.parse.SemanticAnalyzer}}  - {{String statsTmpLoc 
> = ctx.getTempDirForPath(dest_path).toString();}}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)