You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@ambari.apache.org by "Hadoop QA (JIRA)" <ji...@apache.org> on 2017/11/14 16:53:00 UTC
[jira] [Commented] (AMBARI-22435) Hive services sets incorrect
permissions on the root of HDFS while setting up replication
[ https://issues.apache.org/jira/browse/AMBARI-22435?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16251716#comment-16251716 ]
Hadoop QA commented on AMBARI-22435:
------------------------------------
{color:red}-1 overall{color}. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12897443/AMBARI-22435-trunk.patch
against trunk revision .
{color:green}+1 @author{color}. The patch does not contain any @author tags.
{color:red}-1 tests included{color}. The patch doesn't appear to include any new or modified tests.
Please justify why no new tests are needed for this patch.
Also please list what manual steps were performed to verify this patch.
{color:green}+1 release audit{color}. The applied patch does not increase the total number of release audit warnings.
{color:green}+1 javac{color}. The applied patch does not increase the total number of javac compiler warnings.
{color:red}-1 core tests{color}. The test build failed in [ambari-server|https://builds.apache.org/job/Ambari-trunk-test-patch/12667//artifact/patch-work/testrun_ambari-server.txt]
Console output: https://builds.apache.org/job/Ambari-trunk-test-patch/12667//console
This message is automatically generated.
> Hive services sets incorrect permissions on the root of HDFS while setting up replication
> -----------------------------------------------------------------------------------------
>
> Key: AMBARI-22435
> URL: https://issues.apache.org/jira/browse/AMBARI-22435
> Project: Ambari
> Issue Type: Bug
> Components: ambari-server
> Affects Versions: 2.6.0
> Reporter: Deepesh Khandelwal
> Priority: Critical
> Fix For: trunk
>
> Attachments: AMBARI-22435-trunk.patch
>
>
> While starting Hive metastore or HiveServer2 observed that the hdfs audit log had the following entries:
> {noformat}
> 2017-11-14 01:48:03,682 INFO FSNamesystem.audit: allowed=true ugi=hdfs (auth:SIMPLE) ip=/172.27.70.128 cmd=getfileinfo src=/ dst=null perm=null proto=webhdfs
> 2017-11-14 01:48:03,745 INFO FSNamesystem.audit: allowed=true ugi=hdfs (auth:SIMPLE) ip=/172.27.70.128 cmd=setPermission src=/ dst=null perm=hdfs:hdfs:rwxrwxrwt proto=webhdfs
> 2017-11-14 01:48:03,809 INFO FSNamesystem.audit: allowed=true ugi=hdfs (auth:SIMPLE) ip=/172.27.70.128 cmd=setOwner src=/ dst=null perm=hive:hadoop:rwxrwxrwt proto=webhdfs
> 2017-11-14 01:48:04,126 INFO FSNamesystem.audit: allowed=true ugi=hdfs (auth:SIMPLE) ip=/172.27.70.128 cmd=getfileinfo src=/ dst=null perm=null proto=webhdfs
> 2017-11-14 01:48:04,189 INFO FSNamesystem.audit: allowed=true ugi=hdfs (auth:SIMPLE) ip=/172.27.70.128 cmd=setPermission src=/ dst=null perm=hive:hadoop:rwx------ proto=webhdfs
> {noformat}
> The consequence of this was that for any non-hdfs user you will see the following error running hadoop commands:
> {noformat}
> $ hadoop fs -ls /
> ls: Permission denied: user=root, access=READ_EXECUTE, inode="/":hive:hadoop:drwx------
> {noformat}
> On debugging this was happening due to incomplete null/empty check on params hive_repl_cmrootdir and hive_repl_rootdir in ambari/blob/trunk/ambari-server/src/main/resources/common-services/HIVE/2.1.0.3.0/package/scripts/hive.py.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)