You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hive.apache.org by "Carl Steinbach (Updated) (JIRA)" <ji...@apache.org> on 2012/02/02 23:20:55 UTC
[jira] [Updated] (HIVE-2554) Hive authorization with remote
metastore does not work
[ https://issues.apache.org/jira/browse/HIVE-2554?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Carl Steinbach updated HIVE-2554:
---------------------------------
Component/s: Authorization
> Hive authorization with remote metastore does not work
> ------------------------------------------------------
>
> Key: HIVE-2554
> URL: https://issues.apache.org/jira/browse/HIVE-2554
> Project: Hive
> Issue Type: Bug
> Components: Authorization, Security
> Affects Versions: 0.7.1
> Environment: CentOS release 5.7
> Hadoop 0.20.2 (pseudo-distributed mode)
> Reporter: Alex Holmes
>
> *Install Hadoop 0.20.2*
> # Explode Hadoop 0.20.2 tarball
> # Configure for pseudo-distributed mode from [Hadoop site|http://hadoop.apache.org/common/docs/r0.20.2/quickstart.html#PseudoDistributed]
> # Create user "hadoop"
> # Start all Hadoop daemons as user hadoop
> *Install Hive 0.7.1*
> # Explode Hive 0.7.1 tarball
> # Create user "hive"
> # Configure Hive to run with remote metastore, and with authentication. Contents of hive-site.xml are:
> {code}
> <configuration>
> <property>
> <name>hive.metastore.local</name>
> <value>false</value>
> </property>
> <property>
> <name>hive.metastore.uris</name>
> <value>thrift://localhost:9083</value>
> </property>
> <property>
> <name>hive.security.authorization.enabled</name>
> <value>true</value>
> </property>
> </configuration>
> {code}
> # Create and open-up the Hive-related directories in HDFS
> hadoop fs -mkdir /user/hive/warehouse
> hadoop fs -chmod -R 777 /user/hive/warehouse
> hadoop fs -mkdir /tmp
> hadoop fs -chmod -R 777 /tmp
> *Run the metastore*
> ./hive --service metastore
> *Run the hive client*
> The exception below is thrown regardless of which user is running the metastore and client (tried as both the hive and hadoop users, and combinations thereof).
> {code}
> ./hive
> hive> set hive.security.authorization.enabled=false;
> hive> CREATE TABLE pokes (foo INT, bar STRING) ROW FORMAT DELIMITED FIELDS TERMINATED BY '-' STORED AS TEXTFILE;
> OK
> hive> LOAD DATA LOCAL INPATH '/tmp/foobar.txt' OVERWRITE INTO TABLE pokes;
> Copying data from file:/tmp/foobar.txt
> Copying file: file:/tmp/foobar.txt
> Loading data to table default.pokes
> Deleted hdfs://localhost:9000/user/hive/warehouse/pokes
> OK
> Time taken: 0.443 seconds
> hive> grant select on table pokes to user hive;
> OK
> Time taken: 0.191 seconds
> hive> set hive.security.authorization.enabled=true;
> hive> show grant user hive on table pokes;
> OK
> database default
> table pokes
> principalName hive
> principalType USER
> privilege Select
> grantTime 1320642081
> grantor hadoop
> Time taken: 0.084 seconds
> hive> select * from pokes;
> FAILED: Hive Internal Error: org.apache.hadoop.hive.ql.metadata.HiveException(org.apache.thrift.TApplicationException: get_privilege_set failed: unknown result)
> org.apache.hadoop.hive.ql.metadata.HiveException: org.apache.thrift.TApplicationException: get_privilege_set failed: unknown result
> at org.apache.hadoop.hive.ql.metadata.Hive.get_privilege_set(Hive.java:1617)
> at org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider.authorizeUserPriv(DefaultHiveAuthorizationProvider.java:201)
> at org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider.authorizeUserAndDBPriv(DefaultHiveAuthorizationProvider.java:226)
> at org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider.authorizeUserDBAndTable(DefaultHiveAuthorizationProvider.java:259)
> at org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider.authorize(DefaultHiveAuthorizationProvider.java:159)
> at org.apache.hadoop.hive.ql.Driver.doAuthorization(Driver.java:531)
> at org.apache.hadoop.hive.ql.Driver.compile(Driver.java:393)
> at org.apache.hadoop.hive.ql.Driver.run(Driver.java:736)
> at org.apache.hadoop.hive.cli.CliDriver.processCmd(CliDriver.java:164)
> at org.apache.hadoop.hive.cli.CliDriver.processLine(CliDriver.java:241)
> at org.apache.hadoop.hive.cli.CliDriver.main(CliDriver.java:456)
> at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> at java.lang.reflect.Method.invoke(Method.java:597)
> at org.apache.hadoop.util.RunJar.main(RunJar.java:156)
> Caused by: org.apache.thrift.TApplicationException: get_privilege_set failed: unknown result
> at org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$Client.recv_get_privilege_set(ThriftHiveMetastore.java:2414)
> at org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$Client.get_privilege_set(ThriftHiveMetastore.java:2379)
> at org.apache.hadoop.hive.metastore.HiveMetaStoreClient.get_privilege_set(HiveMetaStoreClient.java:1042)
> at org.apache.hadoop.hive.ql.metadata.Hive.get_privilege_set(Hive.java:1615)
> ... 15 more
> {code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira