[HIVE-8643] DDL operations via WebHCat with doAs parameter in secure cluster fail - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 0.14.0
Fix Version/s: 0.14.0
Component/s: WebHCat
Labels:
None

Description

webhcat handles DDL command by forking to 'hcat', i.e. HCatCli
This starts a session.

SessionState.start() creates scratch dir based on current user name
via startSs.createSessionDirs(sessionUGI.getShortUserName());

This UGI is not aware of doAs param, so the name of the dir always ends up 'hcat', but because a delegation token is generated in WebHCat for HDFS access, the owner of the scratch dir is the calling user. Thus next time a session is started (because of a new DDL call from different user), it ends up trying to use the same scratch dir but cannot as it has 700 permission set.

We need to pass in doAs user into SessionState

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HIVE-8643.patch
29/Oct/14 07:18
2 kB
Eugene Koifman
HIVE-8643.2.patch
29/Oct/14 20:24
2 kB
Eugene Koifman
HIVE-8643.3.patch
29/Oct/14 21:18
3 kB
Eugene Koifman

Issue Links

breaks

HIVE-8685 DDL operations in WebHCat set proxy user to "null" in unsecure mode

Closed

relates to

HIVE-5542 Webhcat is failing to run ddl command on a secure cluster

Resolved

HIVE-6847 Improve / fix bugs in Hive scratch dir setup

Closed

Activity

People

Assignee:: Eugene Koifman

Reporter:: Eugene Koifman

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 29/Oct/14 06:54

Updated:: 18/Nov/14 21:54

Resolved:: 30/Oct/14 19:18