[SPARK-22506] Spark thrift server can not impersonate user in kerberos - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Incomplete
Affects Version/s: 2.2.0
Fix Version/s: None
Component/s: Deploy
Labels:
- bulk-closed

Description

Spark thrift server can not impersonate user in kerberos environment.
I launch spark thrift server in* yarn-client mode by user *hive ,which is allowed to impersonate other user.
User* jt_jzyx_project7* submit sql statement to query its own table located in hdfs catalog: /user/jt_jzyx_project7, and happened errors:
Permission denied: user=hive, access=EXECUTE, inode="/user/jt_jzyx_project7":hdfs:jt_jzyx_project7:drwxrwx---:user:g_dcpt_project1:rwx,group::rwx
obviously, spark thrift server didn't proxy user: jt_jzyx_project7 in hdfs.
And this happened task stage, which means it pass the hive authorization.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

screenshot-1.png
13/Nov/17 11:19
64 kB
sydt

Activity

People

Assignee:: Unassigned

Reporter:: sydt

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 13/Nov/17 11:13

Updated:: 25/May/21 01:49

Resolved:: 25/May/21 01:44