You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hive.apache.org by "Todd Lipcon (JIRA)" <ji...@apache.org> on 2010/09/02 01:04:54 UTC

[jira] Commented: (HIVE-1476) Hive's metastore when run as a thrift service creates directories as the service user instead of the real user issuing create table/alter table etc.

    [ https://issues.apache.org/jira/browse/HIVE-1476?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12905299#action_12905299 ] 

Todd Lipcon commented on HIVE-1476:
-----------------------------------

In the absence of making the metastore truly a metadata-only service, it seems like what we really want is for the metastore to act on behalf of users.

Could we have the hive client fetch an HDFS delegation token and pass it securely to the metastore, so the metastore can act as the user to perform the operations?
Alternatively, could the metastore be set up with an HDFS proxy user principal that allows it to impersonate anyone in a "hive" group?

Although we don't have true authorization, etc, at the moment, in Hive, we should think about how to solve this in a way that at least moves us closer to that goal.

> Hive's metastore when run as a thrift service creates directories as the service user instead of the real user issuing create table/alter table etc.
> ----------------------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HIVE-1476
>                 URL: https://issues.apache.org/jira/browse/HIVE-1476
>             Project: Hadoop Hive
>          Issue Type: Bug
>    Affects Versions: 0.6.0, 0.7.0
>            Reporter: Pradeep Kamath
>         Attachments: HIVE-1476.patch, HIVE-1476.patch.2
>
>
> If the thrift metastore service is running as the user "hive" then all table directories as a result of create table are created as that user rather than the user who actually issued the create table command. This is different semantically from non-thrift mode (i.e. local mode) when clients directly connect to the metastore. In the latter case, directories are created as the real user. The thrift mode should do the same.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.