Posted to dev@hive.apache.org by "Carl Steinbach (Updated) (JIRA)" <ji...@apache.org> on 2012/02/02 23:20:55 UTC

[jira] [Updated] (HIVE-2554) Hive authorization with remote metastore does not work

     [ https://issues.apache.org/jira/browse/HIVE-2554?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Carl Steinbach updated HIVE-2554:
---------------------------------

    Component/s: Authorization
    
> Hive authorization with remote metastore does not work
> ------------------------------------------------------
>
>                 Key: HIVE-2554
>                 URL: https://issues.apache.org/jira/browse/HIVE-2554
>             Project: Hive
>          Issue Type: Bug
>          Components: Authorization, Security
>    Affects Versions: 0.7.1
>         Environment: CentOS release 5.7
> Hadoop 0.20.2 (pseudo-distributed mode)
>            Reporter: Alex Holmes
>
> *Install Hadoop 0.20.2*
> #  Explode Hadoop 0.20.2 tarball
> #  Configure for pseudo-distributed mode from [Hadoop site|http://hadoop.apache.org/common/docs/r0.20.2/quickstart.html#PseudoDistributed]
> #  Create user "hadoop"
> #  Start all Hadoop daemons as user hadoop
> *Install Hive 0.7.1*
> #  Explode Hive 0.7.1 tarball
> #  Create user "hive"
> #  Configure Hive to run with remote metastore, and with authentication.  Contents of hive-site.xml are:
> {code}
> <configuration>
> <property>
>   <name>hive.metastore.local</name>
>   <value>false</value>
> </property>
> <property>
>   <name>hive.metastore.uris</name>
>   <value>thrift://localhost:9083</value>
> </property>
> <property>
>  <name>hive.security.authorization.enabled</name>
>  <value>true</value>
> </property>
> </configuration>
> {code}
> # Create and open-up the Hive-related directories in HDFS
> hadoop fs -mkdir /user/hive/warehouse
> hadoop fs -chmod -R 777 /user/hive/warehouse
> hadoop fs -mkdir /tmp
> hadoop fs -chmod -R 777 /tmp
> *Run the metastore*
> ./hive --service metastore
> *Run the hive client*
> The exception below is thrown regardless of which user is running the metastore and client (tried as both the hive and hadoop users, and combinations thereof).
> {code}
> ./hive
> hive> set hive.security.authorization.enabled=false;
> hive> CREATE TABLE pokes (foo INT, bar STRING) ROW FORMAT DELIMITED FIELDS TERMINATED BY '-' STORED AS TEXTFILE;
> OK
> hive> LOAD DATA LOCAL INPATH '/tmp/foobar.txt' OVERWRITE INTO TABLE pokes;
> Copying data from file:/tmp/foobar.txt
> Copying file: file:/tmp/foobar.txt
> Loading data to table default.pokes
> Deleted hdfs://localhost:9000/user/hive/warehouse/pokes
> OK
> Time taken: 0.443 seconds
> hive> grant select on table pokes to user hive;
> OK
> Time taken: 0.191 seconds
> hive> set hive.security.authorization.enabled=true;
> hive> show grant user hive on table pokes;
> OK
> database	default	
> table	pokes	
> principalName	hive	
> principalType	USER	
> privilege	Select	
> grantTime	1320642081	
> grantor	hadoop	
> Time taken: 0.084 seconds
> hive> select * from pokes;
> FAILED: Hive Internal Error: org.apache.hadoop.hive.ql.metadata.HiveException(org.apache.thrift.TApplicationException: get_privilege_set failed: unknown result)
> org.apache.hadoop.hive.ql.metadata.HiveException: org.apache.thrift.TApplicationException: get_privilege_set failed: unknown result
> 	at org.apache.hadoop.hive.ql.metadata.Hive.get_privilege_set(Hive.java:1617)
> 	at org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider.authorizeUserPriv(DefaultHiveAuthorizationProvider.java:201)
> 	at org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider.authorizeUserAndDBPriv(DefaultHiveAuthorizationProvider.java:226)
> 	at org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider.authorizeUserDBAndTable(DefaultHiveAuthorizationProvider.java:259)
> 	at org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider.authorize(DefaultHiveAuthorizationProvider.java:159)
> 	at org.apache.hadoop.hive.ql.Driver.doAuthorization(Driver.java:531)
> 	at org.apache.hadoop.hive.ql.Driver.compile(Driver.java:393)
> 	at org.apache.hadoop.hive.ql.Driver.run(Driver.java:736)
> 	at org.apache.hadoop.hive.cli.CliDriver.processCmd(CliDriver.java:164)
> 	at org.apache.hadoop.hive.cli.CliDriver.processLine(CliDriver.java:241)
> 	at org.apache.hadoop.hive.cli.CliDriver.main(CliDriver.java:456)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> 	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
> 	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
> 	at java.lang.reflect.Method.invoke(Method.java:597)
> 	at org.apache.hadoop.util.RunJar.main(RunJar.java:156)
> Caused by: org.apache.thrift.TApplicationException: get_privilege_set failed: unknown result
> 	at org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$Client.recv_get_privilege_set(ThriftHiveMetastore.java:2414)
> 	at org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$Client.get_privilege_set(ThriftHiveMetastore.java:2379)
> 	at org.apache.hadoop.hive.metastore.HiveMetaStoreClient.get_privilege_set(HiveMetaStoreClient.java:1042)
> 	at org.apache.hadoop.hive.ql.metadata.Hive.get_privilege_set(Hive.java:1615)
> 	... 15 more
> {code}

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
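
An added example (not part of the original report or of the Hive code base): the Python below reads a hive-site.xml and a client stack trace and reports whether they match the setup and symptom described in HIVE-2554, including whether the error arose inside the authorization check. The function names read_props and triage are hypothetical, the inputs are constructed from the configuration and trace quoted in the report, and treating an unset hive.metastore.local as "local" is an assumption.

```python
import re
import xml.etree.ElementTree as ET

# Constructed inputs, taken from the configuration and trace quoted in the report.
HIVE_SITE = """<configuration>
<property><name>hive.metastore.local</name><value>false</value></property>
<property><name>hive.metastore.uris</name><value>thrift://localhost:9083</value></property>
<property><name>hive.security.authorization.enabled</name><value>true</value></property>
</configuration>"""

TRACE = """FAILED: Hive Internal Error: org.apache.hadoop.hive.ql.metadata.HiveException(org.apache.thrift.TApplicationException: get_privilege_set failed: unknown result)
\tat org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider.authorize(DefaultHiveAuthorizationProvider.java:159)
\tat org.apache.hadoop.hive.ql.Driver.doAuthorization(Driver.java:531)
Caused by: org.apache.thrift.TApplicationException: get_privilege_set failed: unknown result
\tat org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$Client.recv_get_privilege_set(ThriftHiveMetastore.java:2414)"""


def read_props(xml_text):
    """Return {name: value} for every <property> in a hive-site.xml document."""
    root = ET.fromstring(xml_text)
    return {p.findtext("name", "").strip(): p.findtext("value", "").strip()
            for p in root.iter("property")}


def triage(xml_text, trace):
    """Summarise whether a failure matches the setup and symptom in the report."""
    props = read_props(xml_text)
    # Assumption: an unset hive.metastore.local is treated as a local metastore.
    remote = props.get("hive.metastore.local", "true").lower() == "false"
    authz = props.get("hive.security.authorization.enabled", "false").lower() == "true"
    # The failing Thrift RPC is named in the TApplicationException message.
    rpc = re.search(r"TApplicationException: (\w+) failed: (.+?)\)?$", trace, re.M)
    # Frames under ql.security.authorization show the error arose during the
    # privilege check, i.e. the query was rejected before it ran.
    in_authz = bool(re.search(
        r"^\s*at org\.apache\.hadoop\.hive\.ql\.security\.authorization\.", trace, re.M))
    return {
        "remote_metastore": remote,
        "metastore_uris": props.get("hive.metastore.uris"),
        "authorization_enabled": authz,
        "failed_rpc": rpc.group(1) if rpc else None,
        "rpc_error": rpc.group(2) if rpc else None,
        "failed_in_authorization": in_authz,
        "matches_report": remote and authz and in_authz
                          and bool(rpc) and rpc.group(1) == "get_privilege_set",
    }


if __name__ == "__main__":
    for key, value in triage(HIVE_SITE, TRACE).items():
        print(f"{key}: {value}")
```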