Posted to issues@hive.apache.org by "Peter Vary (Jira)" <ji...@apache.org> on 2019/09/30 12:57:00 UTC

[jira] [Commented] (HIVE-22273) Access check is failed when a temporary directory is removed

    [ https://issues.apache.org/jira/browse/HIVE-22273?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16940938#comment-16940938 ] 

Peter Vary commented on HIVE-22273:
-----------------------------------

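This also causes the statement to be rejected with a permission-denied error, even though the access check did not complete: it was aborted by the FileNotFoundException shown in the issue description below, and the error is reported to the user as a missing privilege: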
{code}
2019-09-24T16:12:59,614 ERROR [7e491237-1505-4388-afb9-5ec2a688b0dc HiveServer2-HttpHandler-Pool: Thread-11941]: ql.Driver (:()) - FAILED: HiveAccessControlException Permission denied: user [SOMEONE] does not have [ALL] privilege on [hdfs://HDFS_FOLDER/TABLE_NAME]
org.apache.hadoop.hive.ql.security.authorization.plugin.HiveAccessControlException: Permission denied: user [SOMEONE] does not have [ALL] privilege on [hdfs://HDFS_FOLDER/TABLE_NAME]
        at org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.checkPrivileges(RangerHiveAuthorizer.java:288)
        at org.apache.hadoop.hive.ql.Driver.doAuthorizationV2(Driver.java:1336)
        at org.apache.hadoop.hive.ql.Driver.doAuthorization(Driver.java:1100)
        at org.apache.hadoop.hive.ql.Driver.compile(Driver.java:709)
        at org.apache.hadoop.hive.ql.Driver.compileInternal(Driver.java:1869)
        at org.apache.hadoop.hive.ql.Driver.compileAndRespond(Driver.java:1816)
        at org.apache.hadoop.hive.ql.Driver.compileAndRespond(Driver.java:1811)
        at org.apache.hadoop.hive.ql.reexec.ReExecDriver.compileAndRespond(ReExecDriver.java:126)
        at org.apache.hive.service.cli.operation.SQLOperation.prepare(SQLOperation.java:197)
        at org.apache.hive.service.cli.operation.SQLOperation.runInternal(SQLOperation.java:262)
        at org.apache.hive.service.cli.operation.Operation.run(Operation.java:247)
        at org.apache.hive.service.cli.session.HiveSessionImpl.executeStatementInternal(HiveSessionImpl.java:575)
        at org.apache.hive.service.cli.session.HiveSessionImpl.executeStatementAsync(HiveSessionImpl.java:561)
        at sun.reflect.GeneratedMethodAccessor148.invoke(Unknown Source)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.apache.hive.service.cli.session.HiveSessionProxy.invoke(HiveSessionProxy.java:78)
        at org.apache.hive.service.cli.session.HiveSessionProxy.access$000(HiveSessionProxy.java:36)
        at org.apache.hive.service.cli.session.HiveSessionProxy$1.run(HiveSessionProxy.java:63)
        at java.security.AccessController.doPrivileged(Native Method)
        at javax.security.auth.Subject.doAs(Subject.java:422)
        at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1730)
        at org.apache.hive.service.cli.session.HiveSessionProxy.invoke(HiveSessionProxy.java:59)
        at com.sun.proxy.$Proxy71.executeStatementAsync(Unknown Source)
        at org.apache.hive.service.cli.CLIService.executeStatementAsync(CLIService.java:315)
        at org.apache.hive.service.cli.thrift.ThriftCLIService.ExecuteStatement(ThriftCLIService.java:566)
        at org.apache.hive.service.rpc.thrift.TCLIService$Processor$ExecuteStatement.getResult(TCLIService.java:1557)
        at org.apache.hive.service.rpc.thrift.TCLIService$Processor$ExecuteStatement.getResult(TCLIService.java:1542)
        at org.apache.thrift.ProcessFunction.process(ProcessFunction.java:39)
        at org.apache.thrift.TBaseProcessor.process(TBaseProcessor.java:39)
        at org.apache.thrift.server.TServlet.doPost(TServlet.java:83)
        at org.apache.hive.service.cli.thrift.ThriftHttpServlet.doPost(ThriftHttpServlet.java:208)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:790)
        at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:848)
        at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:585)
        at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:224)
        at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1180)
        at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:513)
        at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:185)
        at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1112)
        at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:141)
        at org.eclipse.jetty.server.handler.gzip.GzipHandler.handle(GzipHandler.java:493)
        at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:134)
 {code}

> Access check is failed when a temporary directory is removed
> ------------------------------------------------------------
>
>                 Key: HIVE-22273
>                 URL: https://issues.apache.org/jira/browse/HIVE-22273
>             Project: Hive
>          Issue Type: Bug
>            Reporter: Peter Vary
>            Assignee: Peter Vary
>            Priority: Major
>         Attachments: HIVE-22273.patch
>
>
> The following exception is thrown if a temporary file is deleted while the access check is recursively listing the directory hierarchy (FileUtils.checkIsOwnerOfFileHierarchy in the trace):
> {code}
> 2019-09-24T16:12:59,611 ERROR [7e491237-1505-4388-afb9-5ec2a688b0dc HiveServer2-HttpHandler-Pool: Thread-11941]: authorizer.RangerHiveAuthorizer (:()) - Error getting permissions for hdfs://HDFS_FOLDER/TABLE_NAME
> java.io.FileNotFoundException: File hdfs://HDFS_FOLDER/TABLE_NAME/.hive-staging_hive_2019-09-24_16-12-48_899_7291847300113791212-245/_tmp.-ext-10001 does not exist.
>     at org.apache.hadoop.hdfs.DistributedFileSystem.listStatusInternal(DistributedFileSystem.java:1059) ~[hadoop-hdfs-client-3.1.1.3.1.0.0-78.jar:?]
>     at org.apache.hadoop.hdfs.DistributedFileSystem.access$1000(DistributedFileSystem.java:131) ~[hadoop-hdfs-client-3.1.1.3.1.0.0-78.jar:?]
>     at org.apache.hadoop.hdfs.DistributedFileSystem$24.doCall(DistributedFileSystem.java:1119) ~[hadoop-hdfs-client-3.1.1.3.1.0.0-78.jar:?]
>     at org.apache.hadoop.hdfs.DistributedFileSystem$24.doCall(DistributedFileSystem.java:1116) ~[hadoop-hdfs-client-3.1.1.3.1.0.0-78.jar:?]
>     at org.apache.hadoop.fs.FileSystemLinkResolver.resolve(FileSystemLinkResolver.java:81) ~[hadoop-common-3.1.1.3.1.0.0-78.jar:?]
>     at org.apache.hadoop.hdfs.DistributedFileSystem.listStatus(DistributedFileSystem.java:1126) ~[hadoop-hdfs-client-3.1.1.3.1.0.0-78.jar:?]
>     at org.apache.hadoop.hive.common.FileUtils.checkIsOwnerOfFileHierarchy(FileUtils.java:561) ~[hive-common-3.1.0.3.1.0.0-78.jar:3.1.0.3.1.0.0-78]
>     at org.apache.hadoop.hive.common.FileUtils.checkIsOwnerOfFileHierarchy(FileUtils.java:564) ~[hive-common-3.1.0.3.1.0.0-78.jar:3.1.0.3.1.0.0-78]
>     at org.apache.hadoop.hive.common.FileUtils.checkIsOwnerOfFileHierarchy(FileUtils.java:564) ~[hive-common-3.1.0.3.1.0.0-78.jar:3.1.0.3.1.0.0-78]
>     at org.apache.hadoop.hive.common.FileUtils$4.run(FileUtils.java:540) ~[hive-common-3.1.0.3.1.0.0-78.jar:3.1.0.3.1.0.0-78]
>     at org.apache.hadoop.hive.common.FileUtils$4.run(FileUtils.java:536) ~[hive-common-3.1.0.3.1.0.0-78.jar:3.1.0.3.1.0.0-78]
>     at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_171]
>     at javax.security.auth.Subject.doAs(Subject.java:422) ~[?:1.8.0_171]
>     at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1730) ~[hadoop-common-3.1.1.3.1.0.0-78.jar:?]
>     at org.apache.hadoop.hive.common.FileUtils.isOwnerOfFileHierarchy(FileUtils.java:536) ~[hive-common-3.1.0.3.1.0.0-78.jar:3.1.0.3.1.0.0-78]
>     at org.apache.hadoop.hive.common.FileUtils.isOwnerOfFileHierarchy(FileUtils.java:527) ~[hive-common-3.1.0.3.1.0.0-78.jar:3.1.0.3.1.0.0-78]
>     at org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.isURIAccessAllowed(RangerHiveAuthorizer.java:1420) ~[?:?]
>     at org.apache.ranger.authorization.hive.authorizer.RangerHiveAuthorizer.checkPrivileges(RangerHiveAuthorizer.java:287) ~[?:?]
>     at org.apache.hadoop.hive.ql.Driver.doAuthorizationV2(Driver.java:1336) ~[hive-exec-3.1.0.3.1.0.0-78.jar:3.1.0.3.1.0.0-78]
>     at org.apache.hadoop.hive.ql.Driver.doAuthorization(Driver.java:1100) ~[hive-exec-3.1.0.3.1.0.0-78.jar:3.1.0.3.1.0.0-78]
>     at org.apache.hadoop.hive.ql.Driver.compile(Driver.java:709) ~[hive-exec-3.1.0.3.1.0.0-78.jar:3.1.0.3.1.0.0-78]
>     at org.apache.hadoop.hive.ql.Driver.compileInternal(Driver.java:1869) ~[hive-exec-3.1.0.3.1.0.0-78.jar:3.1.0.3.1.0.0-78]
>     at org.apache.hadoop.hive.ql.Driver.compileAndRespond(Driver.java:1816) ~[hive-exec-3.1.0.3.1.0.0-78.jar:3.1.0.3.1.0.0-78]
>     at org.apache.hadoop.hive.ql.Driver.compileAndRespond(Driver.java:1811) ~[hive-exec-3.1.0.3.1.0.0-78.jar:3.1.0.3.1.0.0-78]
>     at org.apache.hadoop.hive.ql.reexec.ReExecDriver.compileAndRespond(ReExecDriver.java:126) ~[hive-exec-3.1.0.3.1.0.0-78.jar:3.1.0.3.1.0.0-78]
>     at org.apache.hive.service.cli.operation.SQLOperation.prepare(SQLOperation.java:197) ~[hive-service-3.1.0.3.1.0.0-78.jar:3.1.0.3.1.0.0-78]
>     at org.apache.hive.service.cli.operation.SQLOperation.runInternal(SQLOperation.java:262) ~[hive-service-3.1.0.3.1.0.0-78.jar:3.1.0.3.1.0.0-78]
>     at org.apache.hive.service.cli.operation.Operation.run(Operation.java:247) ~[hive-service-3.1.0.3.1.0.0-78.jar:3.1.0.3.1.0.0-78]
>     at org.apache.hive.service.cli.session.HiveSessionImpl.executeStatementInternal(HiveSessionImpl.java:575) ~[hive-service-3.1.0.3.1.0.0-78.jar:3.1.0.3.1.0.0-78]
>     at org.apache.hive.service.cli.session.HiveSessionImpl.executeStatementAsync(HiveSessionImpl.java:561) ~[hive-service-3.1.0.3.1.0.0-78.jar:3.1.0.3.1.0.0-78]
>     at sun.reflect.GeneratedMethodAccessor148.invoke(Unknown Source) ~[?:?]
>     at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:1.8.0_171]
>     at java.lang.reflect.Method.invoke(Method.java:498) ~[?:1.8.0_171]
>     at org.apache.hive.service.cli.session.HiveSessionProxy.invoke(HiveSessionProxy.java:78) ~[hive-service-3.1.0.3.1.0.0-78.jar:3.1.0.3.1.0.0-78]
>     at org.apache.hive.service.cli.session.HiveSessionProxy.access$000(HiveSessionProxy.java:36) ~[hive-service-3.1.0.3.1.0.0-78.jar:3.1.0.3.1.0.0-78]
>     at org.apache.hive.service.cli.session.HiveSessionProxy$1.run(HiveSessionProxy.java:63) ~[hive-service-3.1.0.3.1.0.0-78.jar:3.1.0.3.1.0.0-78]
>     at java.security.AccessController.doPrivileged(Native Method) ~[?:1.8.0_171]
>     at javax.security.auth.Subject.doAs(Subject.java:422) ~[?:1.8.0_171]
> {code}


