[
https://issues.apache.org/jira/browse/HIVE-8643?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14188957#comment-14188957
]
Thejas M Nair commented on HIVE-8643:
-------------------------------------
Can you also add a comment to ProxyUserAuthenticator saying that it is no
longer necessary to use it with webhcat (0.14 release onwards).
Also, the comment block can you use the oracle java style (the IDE should be
able to do it for you) -
{code}
/*
* Here is a block comment.
*/
{code}
http://www.oracle.com/technetwork/java/javase/documentation/codeconventions-141999.html#385
> DDL operations via WebHCat with doAs parameter in secure cluster fail
> ---------------------------------------------------------------------
>
> Key: HIVE-8643
> URL: https://issues.apache.org/jira/browse/HIVE-8643
> Project: Hive
> Issue Type: Bug
> Components: WebHCat
> Affects Versions: 0.14.0
> Reporter: Eugene Koifman
> Assignee: Eugene Koifman
> Priority: Critical
> Fix For: 0.14.0
>
> Attachments: HIVE-8643.2.patch, HIVE-8643.patch
>
>
> webhcat handles DDL command by forking to 'hcat', i.e. HCatCli
> This starts a session.
> SessionState.start() creates scratch dir based on current user name
> via startSs.createSessionDirs(sessionUGI.getShortUserName());
> This UGI is not aware of doAs param, so the name of the dir always ends up
> 'hcat', but because a delegation token is generated in WebHCat for HDFS
> access, the owner of the scratch dir is the calling user. Thus next time a
> session is started (because of a new DDL call from different user), it ends
> up trying to use the same scratch dir but cannot as it has 700 permission set.
> We need to pass in doAs user into SessionState
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
