HIVE-22919: StorageBasedAuthorizationProvider does not allow create databases after changing hive.metastore.warehouse.dir


Details

    • Type: Bug
    • Status: Patch Available
    • Priority: Major
    • Resolution: Unresolved

    Description

      ENVIRONMENT:
      Hive-2.3

      STEPS TO REPRODUCE:

      1. Configure Storage Based Authorization:

      <property>
        <name>hive.security.authorization.enabled</name>
        <value>true</value>
      </property>
      <property>
        <name>hive.security.metastore.authorization.manager</name>
        <value>org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider</value>
      </property>
      <property>
        <name>hive.security.authorization.manager</name>
        <value>org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider</value>
      </property>
      <property>
        <name>hive.security.metastore.authenticator.manager</name>
        <value>org.apache.hadoop.hive.ql.security.HadoopDefaultMetastoreAuthenticator</value>
      </property>
      <property>
        <name>hive.metastore.pre.event.listeners</name>
        <value>org.apache.hadoop.hive.ql.security.authorization.AuthorizationPreEventListener</value>
      </property>

      2. Create a few directories and change their owners and permissions:

      hadoop fs -mkdir /tmp/m1
      hadoop fs -mkdir /tmp/m2
      hadoop fs -mkdir /tmp/m3
      hadoop fs -chown testuser1:testuser1 /tmp/m[1,3]
      hadoop fs -chmod 700 /tmp/m[1-3]

      3. Check permissions:

      [test@node2 ~]$ hadoop fs -ls /tmp|grep m[1-3]
      drwx------   - testuser1 testuser1          0 2020-02-11 10:25 /tmp/m1
      drwx------   - test      test               0 2020-02-11 10:25 /tmp/m2
      drwx------   - testuser1 testuser1          1 2020-02-11 10:36 /tmp/m3
      [test@node2 ~]$
      

      4. Log in to the Hive CLI using the embedded Hive Metastore as the "testuser1" user, with "hive.metastore.warehouse.dir" set to "/tmp/m1":

      sudo -u testuser1 hive --hiveconf hive.metastore.uris= --hiveconf hive.metastore.warehouse.dir=/tmp/m1
      

      5. Perform the following steps:

      -- 1. Check "hive.metastore.warehouse.dir" value:
      SET hive.metastore.warehouse.dir;
      -- 2. Set "hive.metastore.warehouse.dir" to a path to which the "testuser1" user does not have access:
      SET hive.metastore.warehouse.dir=/tmp/m2;
      -- 3. Try to create a database:
      CREATE DATABASE m2;
      -- 4. Set "hive.metastore.warehouse.dir" to a path to which the "testuser1" user has access:
      SET hive.metastore.warehouse.dir=/tmp/m3;
      -- 5. Try to create a database:
      CREATE DATABASE m3;
      

      ACTUAL RESULT:
      Query 5 fails with the exception below. It does not handle the "hive.metastore.warehouse.dir" property:

      hive> -- 5. Try to create a database:
      hive> CREATE DATABASE m3;
      FAILED: HiveException org.apache.hadoop.security.AccessControlException: User testuser1(user id 5001)  does not have access to hdfs:/tmp/m2/m3.db
      hive>
      

      EXPECTED RESULT:
      Query 5 creates a database.
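A simplified model of the check, added here as an illustration and not taken from Hive or from the attached patches: it parses the step 3 listing and evaluates the parent-directory write permission for the warehouse path seen in the error message (/tmp/m2) and for the one the session had set (/tmp/m3). The function names are hypothetical, and the model assumes plain owner/group/other mode bits with no HDFS superuser or ACLs.

```python
import re

# Constructed sample: the `hadoop fs -ls` lines from step 3 of the report.
LISTING = """\
drwx------   - testuser1 testuser1          0 2020-02-11 10:25 /tmp/m1
drwx------   - test      test               0 2020-02-11 10:25 /tmp/m2
drwx------   - testuser1 testuser1          1 2020-02-11 10:36 /tmp/m3
"""

LINE = re.compile(
    r"^[d-](?P<mode>[rwx-]{9})\s+\S+\s+(?P<owner>\S+)\s+(?P<group>\S+)"
    r"\s+\d+\s+\S+\s+\S+\s+(?P<path>\S+)$"
)

def parse_listing(text):
    """Map each listed path to (mode string, owner, group)."""
    entries = {}
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            entries[m["path"]] = (m["mode"], m["owner"], m["group"])
    return entries

def can_write(user, groups, entry):
    """Pick the owner, group or other triplet; creating a child needs w and x."""
    mode, owner, group = entry
    if user == owner:
        bits = mode[0:3]
    elif group in groups:
        bits = mode[3:6]
    else:
        bits = mode[6:9]
    return bits[1] == "w" and bits[2] == "x"

def authorize_create_db(user, groups, warehouse_dir, db, entries):
    """Return (allowed, target path) for CREATE DATABASE under warehouse_dir."""
    target = f"{warehouse_dir}/{db}.db"
    entry = entries.get(warehouse_dir)  # unknown directory: deny
    return (entry is not None and can_write(user, groups, entry), target)

ENTRIES = parse_listing(LISTING)
# Warehouse dir that appears in the error message vs. the one set in query 4.
observed = authorize_create_db("testuser1", {"testuser1"}, "/tmp/m2", "m3", ENTRIES)
expected = authorize_create_db("testuser1", {"testuser1"}, "/tmp/m3", "m3", ENTRIES)

if __name__ == "__main__":
    print("check against previous value:", observed)
    print("check against current value: ", expected)
```
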

      Attachments

        1. HIVE-22919.1.patch (2 kB, Oleksiy Sayankin)
        2. HIVE-22919.2.patch (6 kB, Oleksiy Sayankin)
        3. HIVE-22919.3.patch (6 kB, Oleksiy Sayankin)
        4. HIVE-22919.4.patch (6 kB, Oleksiy Sayankin)
        5. HIVE-22919.5.patch (7 kB, Oleksiy Sayankin)
        6. HIVE-22919.6.patch (7 kB, Oleksiy Sayankin)

            People

              osayankin Oleksiy Sayankin