Posted to dev@hive.apache.org by "Venki Korukanti (JIRA)" <ji...@apache.org> on 2014/05/16 13:11:56 UTC

[jira] [Commented] (HIVE-6245) HS2 creates DBs/Tables with wrong ownership when HMS setugi is true

    [ https://issues.apache.org/jira/browse/HIVE-6245?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13999506#comment-13999506 ] 

Venki Korukanti commented on HIVE-6245:
---------------------------------------

This still looks like a problem on trunk. I tried on the latest trunk. The problem seems to be that the {{sessionHive}} object in {{HiveSessionImplwithUGI}} is never initialized if the authentication mechanism is not {{KERBEROS}}. Currently {{sessionHive}} is initialized in {{HiveSessionImplwithUGI.setDelegationToken}} only if the delegation token is not null. The delegation token is not null when the authentication mechanism is {{KERBEROS}}. As {{sessionHive}} is null when {{HiveSessionImplwithUGI.acquire()}} is called, a {{Hive}} object with the MetaStoreClient of this session user is not set. So whatever {{Hive}} object the worker thread has in its thread variable will get used.

To repro it consistently, set the following parameters in hive-site.xml and restart hiveserver2, then try creating tables as two different users.
{code}
hive.server2.thrift.min.worker.threads=1;
hive.server2.thrift.max.worker.threads=1;
{code}

> HS2 creates DBs/Tables with wrong ownership when HMS setugi is true
> -------------------------------------------------------------------
>
>                 Key: HIVE-6245
>                 URL: https://issues.apache.org/jira/browse/HIVE-6245
>             Project: Hive
>          Issue Type: Bug
>          Components: HiveServer2
>    Affects Versions: 0.12.0
>            Reporter: Chaoyu Tang
>            Assignee: Chaoyu Tang
>         Attachments: HIVE-6245.2.patch.txt, HIVE-6245.patch
>
>
> The case with following settings is valid but does not work correctly in current HS2:
> ==
> hive.server2.authentication=NONE (or LDAP)
> hive.server2.enable.doAs= true
> hive.metastore.sasl.enabled=false
> hive.metastore.execute.setugi=true
> ==
> Ideally, HS2 is able to impersonate the logged in user (from Beeline, or JDBC application) and create DBs/Tables with user's ownership.



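A simplified model of the reuse described in the comment above, added here as an illustration and not taken from Hive or the attached patches. `FakeHive`, `Session`, `THREAD_HIVE`, the lazy per-thread initialisation and the user names are hypothetical stand-ins; it assumes Java 16 or later.

```java
import java.util.*;
import java.util.concurrent.*;

// Simplified model of the behaviour described in the comment; not Hive source code.
// FakeHive stands in for a Hive object bound to one user's MetaStoreClient.
public class ThreadLocalIdentityLeak {
    record FakeHive(String user) {}

    // Stand-in for the per-thread Hive object kept in a thread variable.
    static final ThreadLocal<FakeHive> THREAD_HIVE = new ThreadLocal<>();

    static class Session {
        final String user;
        final FakeHive sessionHive;   // null models "no delegation token" (non-KERBEROS)
        Session(String user, boolean initSessionHive) {
            this.user = user;
            this.sessionHive = initSessionHive ? new FakeHive(user) : null;
        }
        // As described: the thread's Hive object is replaced only if sessionHive is set.
        void acquire() {
            if (sessionHive != null) THREAD_HIVE.set(sessionHive);
        }
        String createTable(String name) {
            acquire();
            // Assumption of this model: the thread creates its object lazily on first use.
            if (THREAD_HIVE.get() == null) THREAD_HIVE.set(new FakeHive(user));
            return name + " owner=" + THREAD_HIVE.get().user();
        }
    }

    static List<String> run(boolean initSessionHive) throws Exception {
        // One worker thread, matching min/max worker threads = 1 in the repro.
        ExecutorService worker = Executors.newFixedThreadPool(1);
        List<String> out = new ArrayList<>();
        try {
            for (String user : List.of("alice", "bob")) {   // constructed user names
                Session s = new Session(user, initSessionHive);
                out.add(worker.submit(() -> s.createTable("t_" + user)).get());
            }
        } finally {
            worker.shutdown();
        }
        return out;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("sessionHive never set:  " + run(false));
        System.out.println("sessionHive always set: " + run(true));
    }
}
```

With the single worker thread, the first run attributes both tables to the first user, while the second run attributes each table to its own session user.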