You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hive.apache.org by "Eugene Koifman (JIRA)" <ji...@apache.org> on 2014/10/29 07:55:33 UTC
[jira] [Created] (HIVE-8643) DDL operations via WebHCat with doAs
parameter in secure cluster fail
Eugene Koifman created HIVE-8643:
------------------------------------
Summary: DDL operations via WebHCat with doAs parameter in secure cluster fail
Key: HIVE-8643
URL: https://issues.apache.org/jira/browse/HIVE-8643
Project: Hive
Issue Type: Bug
Components: WebHCat
Affects Versions: 0.14.0
Reporter: Eugene Koifman
Assignee: Eugene Koifman
Priority: Critical
webhcat handles DDL command by forking to 'hcat', i.e. HCatCli
This starts a session.
SessionState.start() creates scratch dir based on current user name
via startSs.createSessionDirs(sessionUGI.getShortUserName());
This UGI is not aware of doAs param, so the name of the dir always ends up 'hcat', but because a delegation token is generated in WebHCat for HDFS access, the owner of the scratch dir is the calling user. Thus next time a session is started (because of a new DDL call from different user), it ends up trying to use the same scratch dir but cannot as it has 700 permission set.
We need to pass in doAs user into SessionState
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)