[
https://issues.apache.org/jira/browse/HDFS-4220?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13501686#comment-13501686
]
Hans Uhlig commented on HDFS-4220:
----------------------------------
Example:
hive> select * from ba limit 10;
FAILED: RuntimeException org.apache.hadoop.security.AccessControlException:
Permission denied: user=huhlig, access=WRITE, inode="/":hdfs:hadoop:drwxr-xr-x
at
org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.check(FSPermissionChecker.java:205)
at
org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.check(FSPermissionChecker.java:186)
at
org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.checkPermission(FSPermissionChecker.java:135)
at
org.apache.hadoop.hdfs.server.namenode.FSNamesystem.checkPermission(FSNamesystem.java:4547)
at
org.apache.hadoop.hdfs.server.namenode.FSNamesystem.checkAncestorAccess(FSNamesystem.java:4518)
at
org.apache.hadoop.hdfs.server.namenode.FSNamesystem.mkdirsInternal(FSNamesystem.java:2880)
at
org.apache.hadoop.hdfs.server.namenode.FSNamesystem.mkdirsInt(FSNamesystem.java:2844)
at
org.apache.hadoop.hdfs.server.namenode.FSNamesystem.mkdirs(FSNamesystem.java:2823)
at
org.apache.hadoop.hdfs.server.namenode.NameNodeRpcServer.mkdirs(NameNodeRpcServer.java:639)
at
org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolServerSideTranslatorPB.mkdirs(ClientNamenodeProtocolServerSideTranslatorPB.java:417)
at
org.apache.hadoop.hdfs.protocol.proto.ClientNamenodeProtocolProtos$ClientNamenodeProtocol$2.callBlockingMethod(ClientNamenodeProtocolProtos.java:44096)
at
org.apache.hadoop.ipc.ProtobufRpcEngine$Server$ProtoBufRpcInvoker.call(ProtobufRpcEngine.java:453)
at org.apache.hadoop.ipc.RPC$Server.call(RPC.java:898)
at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:1693)
at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:1689)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:396)
at
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1332)
at org.apache.hadoop.ipc.Server$Handler.run(Server.java:1687)
This doesn't really explain what hive is trying to do in root or why its
writing to root for a select.
> Augment AccessControlException to include both affected inode and attempted
> operation
> -------------------------------------------------------------------------------------
>
> Key: HDFS-4220
> URL: https://issues.apache.org/jira/browse/HDFS-4220
> Project: Hadoop HDFS
> Issue Type: Improvement
> Components: hdfs client, name-node
> Affects Versions: 2.0.2-alpha
> Reporter: Hans Uhlig
> Priority: Minor
> Labels: documentation
>
> Currently when any application that uses hdfs runs and hits a permissions
> wall a message similar to the following is emitted.
> FAILED: RuntimeException org.apache.hadoop.security.AccessControlException:
> Permission denied: user=huhlig, access=WRITE, inode="/":hdfs:hadoop:drwxr-xr-x
> This provides a bit of information including who, did what and where but not
> what I tried to do. This makes debugging naughty or misconfigured
> applications difficult to debug.
> A preferable addition to this would follow inode
> FAILED: RuntimeException org.apache.hadoop.security.AccessControlException:
> Permission denied: user=huhlig, access=WRITE,
> inode="/":hdfs:hadoop:drwxr-xr-x, operation=mkdir:"/new/path/to/make"
> This would allow for easier tracing of applications like hive where they may
> hit odd file system spaces.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
