Oleksiy Sayankin created HIVE-22919:
---------------------------------------
Summary: StorageBasedAuthorizationProvider does not allow create databases after changing hive.metastore.warehouse.dir
Key: HIVE-22919
URL: https://issues.apache.org/jira/browse/HIVE-22919
Project: Hive
Issue Type: Bug
Reporter: Oleksiy Sayankin
Assignee: Oleksiy Sayankin
*ENVIRONMENT:*
Hive-2.3
*STEPS TO REPRODUCE:*
1. Configure Storage Based Authorization:
{code:xml}<property>
<name>hive.security.authorization.enabled</name>
<value>true</value>
</property>
<property>
<name>hive.security.metastore.authorization.manager</name>
<value>org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider</value>
</property>
<property>
<name>hive.security.authorization.manager</name>
<value>org.apache.hadoop.hive.ql.security.authorization.StorageBasedAuthorizationProvider</value>
</property>
<property>
<name>hive.security.metastore.authenticator.manager</name>
<value>org.apache.hadoop.hive.ql.security.HadoopDefaultMetastoreAuthenticator</value>
</property>
<property>
<name>hive.metastore.pre.event.listeners</name>
<value>org.apache.hadoop.hive.ql.security.authorization.AuthorizationPreEventListener</value>
</property>{code}
2. Create a few directories and change their owners and permissions:
{code:java}hadoop fs -mkdir /tmp/m1
hadoop fs -mkdir /tmp/m2
hadoop fs -mkdir /tmp/m3
hadoop fs -chown testuser1:testuser1 /tmp/m[1,3]
hadoop fs -chmod 700 /tmp/m[1-3]{code}
3. Check permissions:
{code:java}[test@node2 ~]$ hadoop fs -ls /tmp|grep m[1-3]
drwx------ - testuser1 testuser1 0 2020-02-11 10:25 /tmp/m1
drwx------ - test test 0 2020-02-11 10:25 /tmp/m2
drwx------ - testuser1 testuser1 1 2020-02-11 10:36 /tmp/m3
[test@node2 ~]${code}
4. Log in to the Hive CLI using the embedded Hive Metastore as the *"testuser1"* user, with *"hive.metastore.warehouse.dir"* set to *"/tmp/m1"*:
{code:java}sudo -u testuser1 hive --hiveconf hive.metastore.uris= --hiveconf hive.metastore.warehouse.dir=/tmp/m1{code}
5. Perform the next steps:
{code:sql}-- 1. Check "hive.metastore.warehouse.dir" value:
SET hive.metastore.warehouse.dir;
-- 2. Set "hive.metastore.warehouse.dir" to a path that the "testuser1" user does not have access to:
SET hive.metastore.warehouse.dir=/tmp/m2;
-- 3. Try to create a database:
CREATE DATABASE m2;
-- 4. Set "hive.metastore.warehouse.dir" to a path that the "testuser1" user has access to:
SET hive.metastore.warehouse.dir=/tmp/m3;
-- 5. Try to create a database:
CREATE DATABASE m3;{code}
*ACTUAL RESULT:*
Query 5 fails with the exception below. It does not handle the "hive.metastore.warehouse.dir" property:
{code:java}hive> -- 5. Try to create a database:
hive> CREATE DATABASE m3;
FAILED: HiveException org.apache.hadoop.security.AccessControlException: User
testuser1(user id 5001) does not have access to hdfs:/tmp/m2/m3.db
hive>{code}
*EXPECTED RESULT:*
Query 5 creates a database.
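
The following is an added example, not part of the original report and not Hive's own code. It parses the `hadoop fs -ls` lines from step 3 and derives which `CREATE DATABASE` calls should succeed for a given warehouse directory, assuming storage-based authorization allows the operation when the user has write and execute permission on that directory; all function names are hypothetical.

```python
import re

# Sample input: the `hadoop fs -ls /tmp` lines shown in step 3 of the report.
LS_OUTPUT = """\
drwx------ - testuser1 testuser1 0 2020-02-11 10:25 /tmp/m1
drwx------ - test test 0 2020-02-11 10:25 /tmp/m2
drwx------ - testuser1 testuser1 1 2020-02-11 10:36 /tmp/m3
"""

# mode, replication, owner, group, size, date, time, path
LS_LINE = re.compile(
    r"^(?P<mode>[d-][rwxsStT-]{9})\+?\s+\S+\s+(?P<owner>\S+)\s+(?P<group>\S+)\s+"
    r"\d+\s+\S+\s+\S+\s+(?P<path>/.*)$"
)

def parse_ls(text):
    """Map path -> (mode, owner, group) for each listing line."""
    entries = {}
    for line in text.splitlines():
        m = LS_LINE.match(line.strip())
        if m:
            entries[m["path"]] = (m["mode"], m["owner"], m["group"])
    return entries

def can_write(entry, user, groups=()):
    """POSIX-style check: the first matching class (owner, group, other) decides."""
    mode, owner, group = entry
    if user == owner:
        triad = mode[1:4]
    elif group in groups:
        triad = mode[4:7]
    else:
        triad = mode[7:10]
    # Creating <db>.db under the directory needs write plus traverse (execute).
    return triad[1] == "w" and triad[2] in "xst"

def expected_create_db(warehouse_dir, user, groups=(), listing=LS_OUTPUT):
    """Outcome expected for CREATE DATABASE under the given warehouse dir
    (assumption: the decision follows the directory's filesystem permissions)."""
    entry = parse_ls(listing).get(warehouse_dir)
    return entry is not None and can_write(entry, user, groups)

if __name__ == "__main__":
    for d in ("/tmp/m1", "/tmp/m2", "/tmp/m3"):
        print(d, "allow" if expected_create_db(d, "testuser1") else "deny")
```

For "testuser1" this yields allow for /tmp/m1 and /tmp/m3 and deny for /tmp/m2, which matches the expected result; the reported failure instead names hdfs:/tmp/m2/m3.db after the directory was switched to /tmp/m3.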