[
https://issues.apache.org/jira/browse/HIVE-25381?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17386715#comment-17386715
]
Ranith Sardar commented on HIVE-25381:
--------------------------------------
hive code is getting used for impersonating
{code}
public static boolean isOwnerOfFileHierarchy(final FileSystem fs,
final FileStatus fileStatus, final String userName, final boolean recurse)
throws IOException, InterruptedException {
UserGroupInformation proxyUser =
UserGroupInformation.createProxyUser(userName,
UserGroupInformation.getLoginUser());
try {
boolean isOwner = proxyUser.doAs(new PrivilegedExceptionAction<Boolean>()
{
@Override
public Boolean run() throws Exception {
FileSystem fsAsUser = FileSystem.get(fs.getUri(), fs.getConf());
return checkIsOwnerOfFileHierarchy(fsAsUser, fileStatus, userName,
recurse);
}
});
return isOwner;
} finally {
FileSystem.closeAllForUGI(proxyUser);
}{code}
Here userName is coming from
{code:java}
String configuredOwner = HiveConf.getVar(conf,
ConfVars.HIVE_LOAD_DATA_OWNER);{code}
which basically means UserGroupInformation.getLoginUser() is impersonating
"userName".
> Hive impersonation Failed when load data of managed tables set as hive
> ----------------------------------------------------------------------
>
> Key: HIVE-25381
> URL: https://issues.apache.org/jira/browse/HIVE-25381
> Project: Hive
> Issue Type: Bug
> Reporter: Ranith Sardar
> Assignee: Ranith Sardar
> Priority: Minor
> Fix For: 3.1.0, 4.0.0
>
>
> When hive.server2.enable.doAs = True and setting hive as the default value
> for "hive.load.data.owner" property, this will cause below logic(in
> Hive.java-needToCopy{color:#24292e}({color})) to fail always as the
> framework is validating the owner of the file against the value which we set
> in the property hive.load.data.owner.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
