Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-7890

SessionState creates HMS Client while not impersonating

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • None
    • 0.14.0
    • None
    • None

    Description

      In SessionState.start an instance of the the HMSClient is created. When impersonation is enabled, this call does not occur within a "doas" call and thus the HMSClient is created as the server user, not the impersonated user.

      Thus calls to the HMS are made by the "hive" user as opposed to the end user. This causes file ownership such as a database directory owner to be incorrect. While debugging this, I got stack trace below. As you can see we are calling getMSC without a doas.

      	at org.apache.hadoop.hive.ql.metadata.Hive.getMSC(Hive.java:2474)
	at org.apache.hadoop.hive.ql.session.SessionState.start(SessionState.java:367)
	at org.apache.hive.service.cli.session.HiveSessionImpl.<init>(HiveSessionImpl.java:121)
	at org.apache.hive.service.cli.session.HiveSessionImplwithUGI.<init>(HiveSessionImplwithUGI.java:49)
	at org.apache.hive.service.cli.session.SessionManager.openSession(SessionManager.java:130)
	at org.apache.hive.service.cli.CLIService.openSessionWithImpersonation(CLIService.java:163)
	at org.apache.hive.service.cli.thrift.ThriftCLIService.getSessionHandle(ThriftCLIService.java:290)
	at org.apache.hive.service.cli.thrift.ThriftCLIService.OpenSession(ThriftCLIService.java:208)
	at org.apache.hive.service.cli.thrift.TCLIService$Processor$OpenSession.getResult(TCLIService.java:1313)
	at org.apache.hive.service.cli.thrift.TCLIService$Processor$OpenSession.getResult(TCLIService.java:1298)
	at org.apache.thrift.ProcessFunction.process(ProcessFunction.java:39)
	at org.apache.thrift.TBaseProcessor.process(TBaseProcessor.java:39)
	at org.apache.hive.service.auth.TSetIpAddressProcessor.process(TSetIpAddressProcessor.java:55)
	at org.apache.thrift.server.TThreadPoolServer$WorkerProcess.run(TThreadPoolServer.java:244)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
	at java.lang.Thread.run(Thread.java:744)

      Attachments

        1. HIVE-7890.2.patch
          3 kB
          Brock Noland

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. HIVE-6245 HS2 creates DBs/Tables with wrong ownership when HMS setugi is true

          • Major - Major loss of function.
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. HIVE-11157 Hive.get(HiveConf) returns same Hive object to different user sessions

          • Major - Major loss of function.
          • Closed

          Activity

            People

              brocknoland Brock Noland
              brocknoland Brock Noland
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: