[ https://issues.apache.org/jira/browse/HIVE-6907?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13969412#comment-13969412 ]
Thejas M Nair commented on HIVE-6907: ------------------------------------- I ran some tests to verify it works with doAs=false and no proxy user setting for the hive server2 process user. (Also added some logging to verify that this code path is used - which was useful as it reminded me that this code path doesn't get used with hive 0.12 jdbc driver!) I have verified that this patch works with unsecure mode, but I haven't yet verified the behavior with kerberos secured cluster. {code} beeline> !connect jdbc:hive2://localhost:10000/ user fakepwd org.apache.hive.jdbc.HiveDriver Connecting to jdbc:hive2://localhost:10000/ Connected to: Apache Hive (version 0.13.0) Driver: Hive JDBC (version 0.13.0) Transaction isolation: TRANSACTION_REPEATABLE_READ 0: jdbc:hive2://localhost:10000/> set hive.server2.enable.doAs; +---------------------------------+ | set | +---------------------------------+ | hive.server2.enable.doAs=false | +---------------------------------+ 1 row selected (0.007 seconds) 0: jdbc:hive2://localhost:10000/> set hadoop.proxyuser.hive.groups; +--------------------------------------------+ | set | +--------------------------------------------+ | hadoop.proxyuser.hive.groups is undefined | +--------------------------------------------+ 1 row selected (0.009 seconds) 0: jdbc:hive2://localhost:10000/> set hadoop.proxyuser.hive.hosts; +-------------------------------------------+ | set | +-------------------------------------------+ | hadoop.proxyuser.hive.hosts is undefined | +-------------------------------------------+ 1 row selected (0.007 seconds) 0: jdbc:hive2://localhost:10000/> set hadoop.proxyuser.oozie.hosts; +---------------------------------+ | set | +---------------------------------+ | hadoop.proxyuser.oozie.hosts=* | +---------------------------------+ 1 row selected (0.007 seconds) 0: jdbc:hive2://localhost:10000/> select count(*) from sample_07 ; +------+ | _c0 | +------+ | 823 | +------+ {code} > HiveServer2 - wrong user gets used for metastore operation with embedded > metastore > ---------------------------------------------------------------------------------- > > Key: HIVE-6907 > URL: https://issues.apache.org/jira/browse/HIVE-6907 > Project: Hive > Issue Type: Bug > Components: HiveServer2 > Affects Versions: 0.13.0 > Reporter: Thejas M Nair > Assignee: Thejas M Nair > Priority: Blocker > Fix For: 0.13.0 > > Attachments: HIVE-6907.1.patch, HIVE-6907.2.patch, HIVE-6907.3.patch > > > When queries are being run concurrently against HS2, sometimes the wrong user > ends performing the metastore action and you get an error like - > {code} > ..INFO|java.sql.SQLException: Error while processing statement: FAILED: > Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. > MetaException(message:java.security.AccessControlException: action WRITE not > permitted on path hdfs://example.net:8020/apps/hive/warehouse/tbl_4eeulg9zp4 > for user hrt_qa) > {code} -- This message was sent by Atlassian JIRA (v6.2#6252)