[ https://issues.apache.org/jira/browse/SENTRY-1392?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Lars Francke updated SENTRY-1392: --------------------------------- Attachment: SENTRY-1392.001.patch > Umask 077 leads to Hive crash with Sentry > ----------------------------------------- > > Key: SENTRY-1392 > URL: https://issues.apache.org/jira/browse/SENTRY-1392 > Project: Sentry > Issue Type: Bug > Components: Hive Binding > Affects Versions: 1.5.1 > Environment: CDH 5.7.1, Sentry 1.5.1 > Reporter: Marek Sušický > Priority: Major > Labels: easyfix > Attachments: SENTRY-1392.001.patch > > Original Estimate: 24h > Remaining Estimate: 24h > > Hi, > I installed CDH with Sentry and in Impala everything works fine. We have > security demands that umask 077 should be used, so I changed default 022 to > 077. > But Hive says "No databases found.". In /var/log/hive is following stacktrace: > 2016-07-08 16:05:58,085 WARN > org.apache.sentry.binding.metastore.SentryMetaStoreFilterHook: > [HiveServer2-Handler-Pool: Thread-54]: Error getting DB list > org.apache.hadoop.hive.ql.parse.SemanticException: > org.apache.sentry.binding.hive.conf.InvalidConfigurationException: > fs.permissions.umask-mode should be 077 in non-testing mode > at > org.apache.sentry.binding.hive.HiveAuthzBindingHook.getHiveBindingWithPrivilegeCache(HiveAuthzBindingHook.java:978) > at > org.apache.sentry.binding.hive.HiveAuthzBindingHook.filterShowDatabases(HiveAuthzBindingHook.java:836) > at > org.apache.sentry.binding.metastore.SentryMetaStoreFilterHook.filterDb(SentryMetaStoreFilterHook.java:131) > at > org.apache.sentry.binding.metastore.SentryMetaStoreFilterHook.filterDatabases(SentryMetaStoreFilterHook.java:59) > at > org.apache.hadoop.hive.metastore.HiveMetaStoreClient.getDatabases(HiveMetaStoreClient.java:1014) > ...... > ...... > Caused by: org.apache.sentry.binding.hive.conf.InvalidConfigurationException: > fs.permissions.umask-mode should be 077 in non-testing mode > at > org.apache.sentry.binding.hive.authz.HiveAuthzBinding.validateHiveServer2Config(HiveAuthzBinding.java:196) > at > org.apache.sentry.binding.hive.authz.HiveAuthzBinding.validateHiveConfig(HiveAuthzBinding.java:148) > at > org.apache.sentry.binding.hive.authz.HiveAuthzBinding.<init>(HiveAuthzBinding.java:96) > at > org.apache.sentry.binding.hive.HiveAuthzBindingHook.getHiveBindingWithPrivilegeCache(HiveAuthzBindingHook.java:974) > ... 30 more > I investigated this issue and in sourcecode I found following lines: > if("077".equalsIgnoreCase(defaultUmask)) { > LOG.error("HiveServer2 required a default umask of 077"); > throw new > InvalidConfigurationException(CommonConfigurationKeys.FS_PERMISSIONS_UMASK_KEY > + > " should be 077 in non-testing mode"); > } > I think, that one exclamation mark is missing: > if (!"077".equalsIgnoreCase(defaultUmask))..... > Thanks > Marek -- This message was sent by Atlassian JIRA (v7.6.3#76005)