[
https://issues.apache.org/jira/browse/HIVE-27021?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17689719#comment-17689719
]
iBenny commented on HIVE-27021:
-------------------------------
[~zabetak]
I am thinking before we really delete the filesystem directory, could we do
some permission checks for the filesystem directory, if the user permission is
not allowed to do the deletion, HMS can return an error to the client. I think
it can avoid inconsistency in most cases.
Current flow:
delete table metadata (return error if fails) -> delete filesystem directory
(not return error if fails)
New flow:
check permission for deleting filesystem directory (return error if fails) ->
delete table metadata (return error if fails) -> delete filesystem directory
(not return error if fails)
> Drop table should not be success on purge enabled tables if underlying HDFS
> data delete fails
> ---------------------------------------------------------------------------------------------
>
> Key: HIVE-27021
> URL: https://issues.apache.org/jira/browse/HIVE-27021
> Project: Hive
> Issue Type: Bug
> Reporter: iBenny
> Priority: Minor
> Labels: backward-incompatible
>
> User A has drop privs for a table, but does not have delete privs on table
> HDFS path & table purge is enabled. When User A fires drop table command, HMS
> metadata is removed but HDFS files are left as-is & drop is reported
> successful leaving stale files.
> For example, the drop table query is completed successfully.
> {code:java}
> 0: jdbc:hive2://> drop table testtb_ex1
> INFO : Semantic Analysis Completed (retrial = false)
> INFO : Created Hive schema: Schema(fieldSchemas:null, properties:null)
> INFO : Completed compiling
> command(queryId=hive_20221213121153_67cc8de3-9bd1-47c5-b2ec-13f6a0cd5125);
> Time taken: 0.032 seconds
> INFO : Executing
> command(queryId=hive_20221213121153_67cc8de3-9bd1-47c5-b2ec-13f6a0cd5125):
> drop table testtb_ex1
> INFO : Starting task [Stage-0:DDL] in serial mode
> INFO : Completed executing
> command(queryId=hive_20221213121153_67cc8de3-9bd1-47c5-b2ec-13f6a0cd5125);
> Time taken: 0.413 seconds
> INFO : OK
> No rows affected (0.516 seconds) {code}
> However, the table HDFS data deletion fails
> {code:java}
> 2022-12-13 12:11:53,700 ERROR
> org.apache.hadoop.hive.metastore.utils.MetaStoreUtils: [pool-6-thread-73]:
> Got exception: org.apache.hadoop.security.AccessControlException Permission
> denied by sticky bit: user
> =oozie,
> path="/warehouse/tablespace/external/hive/testtb_ex1":hive:hive:drwxr-xr-x,
> parent="/warehouse/tablespace/external/hive":hive:hive:drwxrwxrwt{code}
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
