Details
-
Bug
-
Status: Patch Available
-
Major
-
Resolution: Unresolved
-
None
-
None
-
None
-
None
Description
ENVIRONMENT:
Hive-2.3
STEPS TO REPRODUCE:
1. Configure Storage Based Authorization:
<property> <name>hive.security.authorization.enabled</name> <value>true</value> </property> <property> <name>hive.security.metastore.authorization.manager</name> <value>org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider</value> </property> <property> <name>hive.security.authorization.manager</name> <value>org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider</value> </property> <property> <name>hive.security.metastore.authenticator.manager</name> <value>org.apache.hadoop.hive.ql.security.HadoopDefaultMetastoreAuthenticator</value> </property> <property> <name>hive.metastore.pre.event.listeners</name> <value>org.apache.hadoop.hive.ql.security.authorization.AuthorizationPreEventListener</value> </property>
2. Create a few directories, change owners and permissions to it:
hadoop fs -mkdir /tmp/m1 hadoop fs -mkdir /tmp/m2 hadoop fs -mkdir /tmp/m3 hadoop fs -chown testuser1:testuser1 /tmp/m[1,3] hadoop fs -chmod 700 /tmp/m[1-3]
3. Check permissions:
[test@node2 ~]$ hadoop fs -ls /tmp|grep m[1-3] drwx------ - testuser1 testuser1 0 2020-02-11 10:25 /tmp/m1 drwx------ - test test 0 2020-02-11 10:25 /tmp/m2 drwx------ - testuser1 testuser1 1 2020-02-11 10:36 /tmp/m3 [test@node2 ~]$
4. Loggin into Hive CLI using embedded Hive Metastore as "testuser1" user, with "hive.metastore.warehouse.dir" set to "/tmp/m1":
sudo -u testuser1 hive --hiveconf hive.metastore.uris= --hiveconf hive.metastore.warehouse.dir=/tmp/m1
5. Perform the next steps:
-- 1. Check "hive.metastore.warehouse.dir" value: SET hive.metastore.warehouse.dir; -- 2. Set "hive.metastore.warehouse.dir" to the path, to which "testuser1" user does not have an access: SET hive.metastore.warehouse.dir=/tmp/m2; -- 3. Try to create a database: CREATE DATABASE m2; -- 4. Set "hive.metastore.warehouse.dir" to the path, to which "testuser1" user has an access: SET hive.metastore.warehouse.dir=/tmp/m3; -- 5. Try to create a database: CREATE DATABASE m3;
ACTUAL RESULT:
Query 5 fails with an exception below. It does not handle "hive.metastore.warehouse.dir" proprty:
hive> -- 5. Try to create a database: hive> CREATE DATABASE m3; FAILED: HiveException org.apache.hadoop.security.AccessControlException: User testuser1(user id 5001) does not have access to hdfs:/tmp/m2/m3.db hive>
EXPECTED RESULT:
Query 5 creates a database;
Attachments
Attachments
Issue Links
- links to