[ https://issues.apache.org/jira/browse/HIVE-21532?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16803892#comment-16803892 ]
Oleksandr Polishchuk commented on HIVE-21532: --------------------------------------------- *FIXED* In Hive-2.3. See attached patch. *ROOT CAUSE* There was passed {{dest_path}} not a {{queryTmpdir as was in Hive-2.1. Some restrictions related with }}{{FallbackHiveAuthorizerFactory }} *SOLUTION* There was passed {{queryTmpdir}} instead of {{dest_path}} in the {{org.apache.hadoop.ql.parse.SemanticAnalyzer}} {code:java} String statsTmpLoc = ctx.getTempDirForPath(queryTmpdir).toString(); {code} {{The properties }}{{hive.security.authorization.enabled and hive.security.authorization.manager were deleted from }}{{hive-site.xml}}. *EFFECTS* - Created {{TmpDirForPath}}. - Access is allowed for user without root permission > RuntimeException due to AccessControlException during creating > hive-staging-dir > ------------------------------------------------------------------------------- > > Key: HIVE-21532 > URL: https://issues.apache.org/jira/browse/HIVE-21532 > Project: Hive > Issue Type: Bug > Reporter: Oleksandr Polishchuk > Priority: Minor > > The bug was found with environment - Hive-2.3. > Steps lead to an exception: > 1) Create user without root permissions on your node. > 2) The {{hive-site.xml}} file has to contain the next properties: > {code:java} > <property> > <name>hive.security.authorization.enabled</name> > <value>true</value> > </property> > <property> > <name>hive.security.authorization.manager</name> > > <value>org.apache.hadoop.hive.ql.security.authorization.plugin.fallback.FallbackHiveAuthorizerFactory</value> > </property> > {code} > 3) Open Hive CLI and do next query: > {code:java} > insert overwrite local directory '/tmp/test_dir' row format delimited fields > terminated by ',' select * from temp.test; > {code} > The previous query will fails with the next exception: > {code:java} > FAILED: RuntimeException Cannot create staging directory > 'hdfs:///tmp/test_dir/.hive-staging_hive_2019-03-28_11-51-05_319_5882446299335967521-1': > User testuser(user id 3456) has been denied access to create > .hive-staging_hive_2019-03-28_11-51-05_319_5882446299335967521-1 > {code} > The investigation shows that if delete the mentioned above properties from > {{hive-site.xml}} and pass {{`queryTmpdir`}} instead of {{`dest_path`}} in > the {{org.apache.hadoop.hive.ql.Context#getTempDirForPath()}} as was in the > Hive-2.1. everything will be fine. The current method is using in the > {{org.apache.hadoop.hive.ql.parse.SemanticAnalyzer}} - {{String statsTmpLoc > = ctx.getTempDirForPath(dest_path).toString();}} -- This message was sent by Atlassian JIRA (v7.6.3#76005)