Eugene Koifman created HIVE-8643: ------------------------------------ Summary: DDL operations via WebHCat with doAs parameter in secure cluster fail Key: HIVE-8643 URL: https://issues.apache.org/jira/browse/HIVE-8643 Project: Hive Issue Type: Bug Components: WebHCat Affects Versions: 0.14.0 Reporter: Eugene Koifman Assignee: Eugene Koifman Priority: Critical
webhcat handles DDL command by forking to 'hcat', i.e. HCatCli This starts a session. SessionState.start() creates scratch dir based on current user name via startSs.createSessionDirs(sessionUGI.getShortUserName()); This UGI is not aware of doAs param, so the name of the dir always ends up 'hcat', but because a delegation token is generated in WebHCat for HDFS access, the owner of the scratch dir is the calling user. Thus next time a session is started (because of a new DDL call from different user), it ends up trying to use the same scratch dir but cannot as it has 700 permission set. We need to pass in doAs user into SessionState -- This message was sent by Atlassian JIRA (v6.3.4#6332)