You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hive.apache.org by "Venki Korukanti (JIRA)" <ji...@apache.org> on 2014/05/16 13:11:56 UTC
[jira] [Commented] (HIVE-6245) HS2 creates DBs/Tables with wrong
ownership when HMS setugi is true
[ https://issues.apache.org/jira/browse/HIVE-6245?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13999506#comment-13999506 ]
Venki Korukanti commented on HIVE-6245:
---------------------------------------
This looks like still a problem on trunk. I tried on latest trunk. Problem seems be that {{sessionHive}} object in {{HiveSessionImplwithUGI}} is never initialized if the authentication mechanism is not {{KERBEROS}}. Currently {{sessionHive}} is initialized in {{HiveSessionImplwithUGI.setDelegationToken}} only if the delegation token is not null. Delegation token is not null when authentication mechanism is {{KERBEROS}}. As {{sessionHive}} is null when {{HiveSessionImplwithUGI.acquire()}} is called a {{Hive}} object with MetaStoreClient of this session user is not set. So whatever the worker thread has {{Hive}} object in its thread variable, it will get used.
To repro it consistently set the following parameters in hive-site.xml and restart hiveserver2. And try creating tables as two different users.
{code}
hive.server2.thrift.min.worker.threads=1;
hive.server2.thrift.max.worker.threads=1;
{code}
> HS2 creates DBs/Tables with wrong ownership when HMS setugi is true
> -------------------------------------------------------------------
>
> Key: HIVE-6245
> URL: https://issues.apache.org/jira/browse/HIVE-6245
> Project: Hive
> Issue Type: Bug
> Components: HiveServer2
> Affects Versions: 0.12.0
> Reporter: Chaoyu Tang
> Assignee: Chaoyu Tang
> Attachments: HIVE-6245.2.patch.txt, HIVE-6245.patch
>
>
> The case with following settings is valid but does not work correctly in current HS2:
> ==
> hive.server2.authentication=NONE (or LDAP)
> hive.server2.enable.doAs= true
> hive.metastore.sasl.enabled=false
> hive.metastore.execute.setugi=true
> ==
> Ideally, HS2 is able to impersonate the logged in user (from Beeline, or JDBC application) and create DBs/Tables with user's ownership.
--
This message was sent by Atlassian JIRA
(v6.2#6252)