You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hive.apache.org by "Oleksandr Polishchuk (JIRA)" <ji...@apache.org> on 2019/04/01 10:07:00 UTC

[jira] [Assigned] (HIVE-21532) RuntimeException due to AccessControlException during creating hive-staging-dir

     [ https://issues.apache.org/jira/browse/HIVE-21532?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Oleksandr Polishchuk reassigned HIVE-21532:
-------------------------------------------

    Assignee: Oleksiy Sayankin  (was: Oleksandr Polishchuk)

> RuntimeException due to AccessControlException during creating hive-staging-dir
> -------------------------------------------------------------------------------
>
>                 Key: HIVE-21532
>                 URL: https://issues.apache.org/jira/browse/HIVE-21532
>             Project: Hive
>          Issue Type: Bug
>            Reporter: Oleksandr Polishchuk
>            Assignee: Oleksiy Sayankin
>            Priority: Minor
>         Attachments: HIVE-21532.1.patch, HIVE-21532.1.patch, HIVE-21532.2.patch
>
>
> The bug was found with environment - Hive-2.3.
> Steps lead to an exception:
> 1) Create user without root permissions on your node.
> 2) The {{hive-site.xml}} file has to contain the next properties:
> {code:java}
>  <property>
>     <name>hive.security.authorization.enabled</name>
>   <value>true</value>
>   </property>
>   <property>
>    <name>hive.security.authorization.manager</name>
>  <value>org.apache.hadoop.hive.ql.security.authorization.plugin.fallback.FallbackHiveAuthorizerFactory</value>
>   </property>
> {code}
> 3) Open Hive CLI and do next query:
> {code:java}
>  insert overwrite local directory '/tmp/test_dir' row format delimited fields terminated by ',' select * from temp.test;
> {code}
> The previous query will fails with the next exception:
> {code:java}
> FAILED: RuntimeException Cannot create staging directory 'hdfs:///tmp/test_dir/.hive-staging_hive_2019-03-28_11-51-05_319_5882446299335967521-1': User testuser(user id 3456)  has been denied access to create .hive-staging_hive_2019-03-28_11-51-05_319_5882446299335967521-1
> {code}
> The investigation shows that if delete the mentioned above properties from {{hive-site.xml}} and pass {{`queryTmpdir`}} instead of {{`dest_path`}} in the {{org.apache.hadoop.hive.ql.Context#getTempDirForPath()}} as was in the Hive-2.1. everything will be fine. The current method is using in the {{org.apache.hadoop.hive.ql.parse.SemanticAnalyzer}}  - {{String statsTmpLoc = ctx.getTempDirForPath(dest_path).toString();}}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)