Uploaded image for project: 'Spark'
  1. Spark
  2. SPARK-22506

Spark thrift server can not impersonate user in kerberos

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 2.2.0
    • Fix Version/s: None
    • Component/s: Deploy
    • Labels:
      None

      Description

      Spark thrift server can not impersonate user in kerberos environment.
      I launch spark thrift server in* yarn-client mode by user *hive ,which is allowed to impersonate other user.
      User* jt_jzyx_project7* submit sql statement to query its own table located in hdfs catalog: /user/jt_jzyx_project7, and happened errors:
      Permission denied: user=hive, access=EXECUTE, inode="/user/jt_jzyx_project7":hdfs:jt_jzyx_project7:drwxrwx---:user:g_dcpt_project1:rwx,group::rwx
      obviously, spark thrift server didn't proxy user: jt_jzyx_project7 in hdfs.
      And this happened task stage, which means it pass the hive authorization.

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              wangchao2017 sydt
            • Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

              • Created:
                Updated: