Hive authorization with remote metastore does not work
------------------------------------------------------

Key: HIVE-2554
URL: https://issues.apache.org/jira/browse/HIVE-2554
Project: Hive
Issue Type: Bug
Components: Security
Affects Versions: 0.7.1
Environment: CentOS release 5.7
             Hadoop 0.20.2 (pseudo-distributed mode)
Reporter: Alex Holmes

*Install Hadoop 0.20.2*
# Explode Hadoop 0.20.2 tarball
# Configure for pseudo-distributed mode from [Hadoop site|http://hadoop.apache.org/common/docs/r0.20.2/quickstart.html#PseudoDistributed]
# Create user "hadoop"
# Start all Hadoop daemons as user hadoop

*Install Hive 0.7.1*
# Explode Hive 0.7.1 tarball
# Create user "hive"
# Configure Hive to run with remote metastore, and with authentication. Contents of hive-site.xml are:
{code}
<configuration>
  <property>
    <name>hive.metastore.local</name>
    <value>false</value>
  </property>
  <property>
    <name>hive.metastore.uris</name>
    <value>thrift://localhost:9083</value>
  </property>
  <property>
    <name>hive.security.authorization.enabled</name>
    <value>true</value>
  </property>
</configuration>
{code}
# Create and open-up the Hive-related directories in HDFS
hadoop fs -mkdir /user/hive/warehouse
hadoop fs -chmod -R 777 /user/hive/warehouse
hadoop fs -mkdir /tmp
hadoop fs -chmod -R 777 /tmp

*Run the metastore*
./hive --service metastore

*Run the hive client*
The exception below is thrown regardless of which user is running the metastore and client (tried as both the hive and hadoop users, and combinations thereof).
{code}
./hive
hive> set hive.security.authorization.enabled=false;
hive> CREATE TABLE pokes (foo INT, bar STRING) ROW FORMAT DELIMITED FIELDS TERMINATED BY '-' STORED AS TEXTFILE;
OK
hive> LOAD DATA LOCAL INPATH '/tmp/foobar.txt' OVERWRITE INTO TABLE pokes;
Copying data from file:/tmp/foobar.txt
Copying file: file:/tmp/foobar.txt
Loading data to table default.pokes
Deleted hdfs://localhost:9000/user/hive/warehouse/pokes
OK
Time taken: 0.443 seconds
hive> grant select on table pokes to user hive;
OK
Time taken: 0.191 seconds
hive> set hive.security.authorization.enabled=true;
hive> show grant user hive on table pokes;
OK
database default
table pokes
principalName hive
principalType USER
privilege Select
grantTime 1320642081
grantor hadoop
Time taken: 0.084 seconds
hive> select * from pokes;
FAILED: Hive Internal Error: org.apache.hadoop.hive.ql.metadata.HiveException(org.apache.thrift.TApplicationException: get_privilege_set failed: unknown result)
org.apache.hadoop.hive.ql.metadata.HiveException: org.apache.thrift.TApplicationException: get_privilege_set failed: unknown result
	at org.apache.hadoop.hive.ql.metadata.Hive.get_privilege_set(Hive.java:1617)
	at org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider.authorizeUserPriv(DefaultHiveAuthorizationProvider.java:201)
	at org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider.authorizeUserAndDBPriv(DefaultHiveAuthorizationProvider.java:226)
	at org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider.authorizeUserDBAndTable(DefaultHiveAuthorizationProvider.java:259)
	at org.apache.hadoop.hive.ql.security.authorization.DefaultHiveAuthorizationProvider.authorize(DefaultHiveAuthorizationProvider.java:159)
	at org.apache.hadoop.hive.ql.Driver.doAuthorization(Driver.java:531)
	at org.apache.hadoop.hive.ql.Driver.compile(Driver.java:393)
	at org.apache.hadoop.hive.ql.Driver.run(Driver.java:736)
	at org.apache.hadoop.hive.cli.CliDriver.processCmd(CliDriver.java:164)
	at org.apache.hadoop.hive.cli.CliDriver.processLine(CliDriver.java:241)
	at org.apache.hadoop.hive.cli.CliDriver.main(CliDriver.java:456)
	at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
	at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
	at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
	at java.lang.reflect.Method.invoke(Method.java:597)
	at org.apache.hadoop.util.RunJar.main(RunJar.java:156)
Caused by: org.apache.thrift.TApplicationException: get_privilege_set failed: unknown result
	at org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$Client.recv_get_privilege_set(ThriftHiveMetastore.java:2414)
	at org.apache.hadoop.hive.metastore.api.ThriftHiveMetastore$Client.get_privilege_set(ThriftHiveMetastore.java:2379)
	at org.apache.hadoop.hive.metastore.HiveMetaStoreClient.get_privilege_set(HiveMetaStoreClient.java:1042)
	at org.apache.hadoop.hive.ql.metadata.Hive.get_privilege_set(Hive.java:1615)
	... 15 more
{code}