Re: HDFS directory in /user/hive/warehouse getting "hive" as Owner ?

[Sanjay Subramanian]

I am using
Hive Version: 0.9.0+155-1.cdh4.1.2.p0.21~precise-cdh4.1.2
My metastore is MySQL

My hive.security.authorization.enabled is set to false as of now…I am not able 
to add partitions if I keep that as true

 <property>
    <name>hive.security.authorization.enabled</name>
    <value>false</value>
    <description>enable or disable the hive client authorization</description>
  </property>


I have not defined a property=hive.security.authorization.manager

Thanks
sanjay

From: Nitin Pawar <nitinpawar...@gmail.com<mailto:nitinpawar...@gmail.com>>
Reply-To: "user@hive.apache.org<mailto:user@hive.apache.org>" 
<user@hive.apache.org<mailto:user@hive.apache.org>>
Date: Monday, March 25, 2013 7:43 PM
To: "user@hive.apache.org<mailto:user@hive.apache.org>" 
<user@hive.apache.org<mailto:user@hive.apache.org>>
Subject: Re: HDFS directory in /user/hive/warehouse getting "hive" as Owner ?

YARN should not play any role in any create table statement. It just creates a 
directory with DFSClient. Normally it tries to create it with the cli userid in 
my experience.

which version of hive are you using?
which is your metastore?

Can you check for the following values?

 <property>
    <name>hive.security.authorization.enabled</name>
    <value>true</value>
    <description>enable or disable the hive client authorization</description>
  </property>

  <property>
    <name>hive.security.authorization.manager</name>
    <value>org.apache.hcatalog.security.HdfsAuthorizationProvider</value>
    <description>the hive client authorization manager class name.
    The user defined authorization class should implement interface
    org.apache.hadoop.hive.ql.security.authorization.HiveAuthorizationProvider.
    </description>
  </property>


On Tue, Mar 26, 2013 at 7:48 AM, Sanjay Subramanian 
<sanjay.subraman...@wizecommerce.com<mailto:sanjay.subraman...@wizecommerce.com>>
 wrote:
Hi Nitin
I notice this peculiarity in Yarn and Hive
I have another earlier cluster with MRv1 where I have created and run several 
hive tables and scripts ; The same test Create Table script gives the correct 
owner name
I added location but that did not help
hive -e "CREATE TABLE name (id INT,  name STRING) LOCATION 
'/user/hive/warehouse/name';"

Thanks
Sanjay

From: Nitin Pawar <nitinpawar...@gmail.com<mailto:nitinpawar...@gmail.com>>
Reply-To: "user@hive.apache.org<mailto:user@hive.apache.org>" 
<user@hive.apache.org<mailto:user@hive.apache.org>>
Date: Monday, March 25, 2013 7:13 PM
To: "user@hive.apache.org<mailto:user@hive.apache.org>" 
<user@hive.apache.org<mailto:user@hive.apache.org>>
Subject: Re: HDFS directory in /user/hive/warehouse getting "hive" as Owner ?

Forgot to add,
if you want full filesystem level security on HDFS then you will need to enable 
kerberos based security.


On Tue, Mar 26, 2013 at 7:41 AM, Nitin Pawar 
<nitinpawar...@gmail.com<mailto:nitinpawar...@gmail.com>> wrote:
Sanjay,

can you try adding 'LOCATION' clause to your create statement.
By default the hive warehouse directory is writable by all the user. To create 
it by the individual users you need to provide by the location clause.


On Tue, Mar 26, 2013 at 7:31 AM, Sanjay Subramanian 
<sanjay.subraman...@wizecommerce.com<mailto:sanjay.subraman...@wizecommerce.com>>
 wrote:
Steps to recreate the use case:

- Log in as sasubramanian to Linux Box
- Execute hive -e "CREATE TABLE name (id INT,  name STRING);"
- Go to HDFS /user/hive/warehouse/

Name  Type  Size  Replication  Block Size  Modification Time      Permission  
Owner  Group
name  dir                                  2013-03-25 18:57 rwxr-xr-x   hive   
supergroup

I want the table top be created as Owner = sasubramanian
How can I do that ?

Thanks
sanjay

CONFIDENTIALITY NOTICE
======================
This email message and any attachments are for the exclusive use of the 
intended recipient(s) and may contain confidential and privileged information. 
Any unauthorized review, use, disclosure or distribution is prohibited. If you 
are not the intended recipient, please contact the sender by reply email and 
destroy all copies of the original message along with any attachments, from 
your computer system. If you are the intended recipient, please be advised that 
the content of this message is subject to access, review and disclosure by the 
sender's Email System Administrator.



--
Nitin Pawar



--
Nitin Pawar

CONFIDENTIALITY NOTICE
======================
This email message and any attachments are for the exclusive use of the 
intended recipient(s) and may contain confidential and privileged information. 
Any unauthorized review, use, disclosure or distribution is prohibited. If you 
are not the intended recipient, please contact the sender by reply email and 
destroy all copies of the original message along with any attachments, from 
your computer system. If you are the intended recipient, please be advised that 
the content of this message is subject to access, review and disclosure by the 
sender's Email System Administrator.



--
Nitin Pawar

CONFIDENTIALITY NOTICE
======================
This email message and any attachments are for the exclusive use of the 
intended recipient(s) and may contain confidential and privileged information. 
Any unauthorized review, use, disclosure or distribution is prohibited. If you 
are not the intended recipient, please contact the sender by reply email and 
destroy all copies of the original message along with any attachments, from 
your computer system. If you are the intended recipient, please be advised that 
the content of this message is subject to access, review and disclosure by the 
sender's Email System Administrator.