You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hive.apache.org by "Dong Chen (JIRA)" <ji...@apache.org> on 2014/09/02 10:56:21 UTC

[jira] [Commented] (HIVE-7890) SessionState creates HMS Client while not impersonating

    [ https://issues.apache.org/jira/browse/HIVE-7890?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14118044#comment-14118044 ] 

Dong Chen commented on HIVE-7890:
---------------------------------

The patch looks good! Thanks. It ensure MSC is created as an impersonated user.

> SessionState creates HMS Client while not impersonating
> -------------------------------------------------------
>
>                 Key: HIVE-7890
>                 URL: https://issues.apache.org/jira/browse/HIVE-7890
>             Project: Hive
>          Issue Type: Bug
>            Reporter: Brock Noland
>            Assignee: Brock Noland
>         Attachments: HIVE-7890.2.patch
>
>
> In SessionState.start [an instance of the the HMSClient is created|https://github.com/apache/hive/blob/trunk/ql/src/java/org/apache/hadoop/hive/ql/session/SessionState.java#L367]. When impersonation is enabled, this call does not occur within a "doas" call and thus the HMSClient is created as the server user, not the impersonated user.
> Thus calls to the HMS are made by the "hive" user as opposed to the end user. This causes file ownership such as a database directory owner to be incorrect. While debugging this, I got stack trace below. As you can see we are calling getMSC without a doas.
> {noformat}
> 	at org.apache.hadoop.hive.ql.metadata.Hive.getMSC(Hive.java:2474)
> 	at org.apache.hadoop.hive.ql.session.SessionState.start(SessionState.java:367)
> 	at org.apache.hive.service.cli.session.HiveSessionImpl.<init>(HiveSessionImpl.java:121)
> 	at org.apache.hive.service.cli.session.HiveSessionImplwithUGI.<init>(HiveSessionImplwithUGI.java:49)
> 	at org.apache.hive.service.cli.session.SessionManager.openSession(SessionManager.java:130)
> 	at org.apache.hive.service.cli.CLIService.openSessionWithImpersonation(CLIService.java:163)
> 	at org.apache.hive.service.cli.thrift.ThriftCLIService.getSessionHandle(ThriftCLIService.java:290)
> 	at org.apache.hive.service.cli.thrift.ThriftCLIService.OpenSession(ThriftCLIService.java:208)
> 	at org.apache.hive.service.cli.thrift.TCLIService$Processor$OpenSession.getResult(TCLIService.java:1313)
> 	at org.apache.hive.service.cli.thrift.TCLIService$Processor$OpenSession.getResult(TCLIService.java:1298)
> 	at org.apache.thrift.ProcessFunction.process(ProcessFunction.java:39)
> 	at org.apache.thrift.TBaseProcessor.process(TBaseProcessor.java:39)
> 	at org.apache.hive.service.auth.TSetIpAddressProcessor.process(TSetIpAddressProcessor.java:55)
> 	at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:244)
> 	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
> 	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
> 	at java.lang.Thread.run(Thread.java:744)
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)