You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hive.apache.org by "Eugene Koifman (JIRA)" <ji...@apache.org> on 2014/10/29 07:55:33 UTC

[jira] [Created] (HIVE-8643) DDL operations via WebHCat with doAs parameter in secure cluster fail

Eugene Koifman created HIVE-8643:
------------------------------------

             Summary: DDL operations via WebHCat with doAs parameter in secure cluster fail
                 Key: HIVE-8643
                 URL: https://issues.apache.org/jira/browse/HIVE-8643
             Project: Hive
          Issue Type: Bug
          Components: WebHCat
    Affects Versions: 0.14.0
            Reporter: Eugene Koifman
            Assignee: Eugene Koifman
            Priority: Critical


webhcat handles DDL command by forking to 'hcat', i.e. HCatCli
This starts a session.

SessionState.start() creates scratch dir based on current user name
via startSs.createSessionDirs(sessionUGI.getShortUserName());

This UGI is not aware of doAs param, so the name of the dir always ends up 'hcat', but because a delegation token is generated in WebHCat for HDFS access, the owner of the scratch dir is the calling user.  Thus next time a session is started (because of a new DDL call from different user), it ends up trying to use the same scratch dir but cannot as it has 700 permission set.

We need to pass in doAs user into SessionState



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)