[
https://issues.apache.org/jira/browse/HIVE-13532?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Changshu Liu updated HIVE-13532:
--------------------------------
Fix Version/s: 2.4.0
1.3.0
> MapredLocalTask should use the same security settings as remote task
> --------------------------------------------------------------------
>
> Key: HIVE-13532
> URL: https://issues.apache.org/jira/browse/HIVE-13532
> Project: Hive
> Issue Type: Bug
> Components: Security
> Affects Versions: 1.1.0
> Environment: HADOOP_PROXY_USER is set.
> Reporter: Zhiwen Sun
> Assignee: Changshu Liu
> Priority: Major
> Fix For: 1.3.0, 2.4.0
>
> Attachments: HIVE-13532.1.patch, HIVE-13532.2.patch
>
>
> Map join set HADOOP_USER_NAME should be realuser's username.
> Current, hive set HADOOP_USER_NAME env for mapjoin local process according:
> {quote}
> String endUserName = Utils.getUGI().getShortUserName();
> {quote}
> suppose set HADOOP_PROXY_USER=abc in shell.
> map join local job will have following env:
> {quote}
> HADOOP_USER_NAME=abc
> HADOOP_PROXY_NAME=abc
> {quote}
> this will cause such exception:
> {quote}
> java.io.IOException:
> org.apache.hadoop.ipc.RemoteException(org.apache.hadoop.security.authorize.AuthorizationException):
> User: abc is not allowed to impersonate
> {quote}
> I think we should set HADOOP_USER_NAME to realuser:
> {quote}
> String endUserName = Utils.getUGI().getRealUser().getShortUserName();
> {quote}
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
