[
https://issues.apache.org/jira/browse/HIVE-6245?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13999506#comment-13999506
]
Venki Korukanti commented on HIVE-6245:
---------------------------------------
This still looks like a problem on trunk. I tried on the latest trunk. The
problem seems to be that the {{sessionHive}} object in {{HiveSessionImplwithUGI}}
is never initialized if the authentication mechanism is not {{KERBEROS}}. Currently
{{sessionHive}} is initialized in {{HiveSessionImplwithUGI.setDelegationToken}}
only if the delegation token is not null. The delegation token is not null when
the authentication mechanism is {{KERBEROS}}. As {{sessionHive}} is null when
{{HiveSessionImplwithUGI.acquire()}} is called, a {{Hive}} object with the
MetaStoreClient of this session user is not set. So whatever {{Hive}} object the
worker thread has in its thread variable will get used.

To repro it consistently, set the following parameters in hive-site.xml and
restart hiveserver2, then try creating tables as two different users.
{code}
hive.server2.thrift.min.worker.threads=1;
hive.server2.thrift.max.worker.threads=1;
{code}
> HS2 creates DBs/Tables with wrong ownership when HMS setugi is true
> -------------------------------------------------------------------
>
> Key: HIVE-6245
> URL: https://issues.apache.org/jira/browse/HIVE-6245
> Project: Hive
> Issue Type: Bug
> Components: HiveServer2
> Affects Versions: 0.12.0
> Reporter: Chaoyu Tang
> Assignee: Chaoyu Tang
> Attachments: HIVE-6245.2.patch.txt, HIVE-6245.patch
>
>
> The case with the following settings is valid but does not work correctly in
> current HS2:
> ==
> hive.server2.authentication=NONE (or LDAP)
> hive.server2.enable.doAs= true
> hive.metastore.sasl.enabled=false
> hive.metastore.execute.setugi=true
> ==
> Ideally, HS2 is able to impersonate the logged-in user (from Beeline, or JDBC
> application) and create DBs/Tables with the user's ownership.
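A simplified model of the mechanism described in the comment above, added here as an illustration; it is not Hive code and not part of the original message. It runs two sessions on a single worker thread and reports which user's client the second session's call goes through. The `Session` class, `THREAD_CLIENT`, the user names, the token string and the `alwaysInit` flag are all hypothetical, and `alwaysInit` models one assumed remedy, not the attached patch.

```java
import java.util.concurrent.*;

// Simplified model, not Hive source. A String stands in for the Hive object
// (with its MetaStoreClient) that lives in a thread-local variable.
public class SessionClientLeakDemo {
    static final ThreadLocal<String> THREAD_CLIENT = new ThreadLocal<>();

    static class Session {                       // hypothetical stand-in for HiveSessionImplwithUGI
        final String user;
        String sessionClient;                    // plays the role of sessionHive
        Session(String user, String delegationToken, boolean alwaysInit) {
            this.user = user;
            // As described above: initialized only when a delegation token exists.
            // alwaysInit is an assumed remedy for comparison, not the attached patch.
            if (delegationToken != null || alwaysInit) sessionClient = "client-for-" + user;
        }

        void acquire() {
            // With sessionClient == null, whatever the worker thread holds stays in place.
            if (sessionClient != null) THREAD_CLIENT.set(sessionClient);
        }

        String createTable() {
            acquire();
            // Model assumption: an empty thread-local is filled for the current user.
            if (THREAD_CLIENT.get() == null) THREAD_CLIENT.set("client-for-" + user);
            return THREAD_CLIENT.get();          // client the metastore call would go through
        }
    }

    // Runs alice, then bob, on a single worker thread; returns the client bob's call used.
    static String clientUsedBySecondUser(String token, boolean alwaysInit) throws Exception {
        ExecutorService worker = Executors.newSingleThreadExecutor();   // min = max = 1 worker
        try {
            Callable<String> alice = () -> new Session("alice", token, alwaysInit).createTable();
            Callable<String> bob = () -> new Session("bob", token, alwaysInit).createTable();
            worker.submit(alice).get();
            return worker.submit(bob).get();
        } finally {
            worker.shutdown();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("no token:          " + clientUsedBySecondUser(null, false));
        System.out.println("constructed token: " + clientUsedBySecondUser("constructed-token", false));
        System.out.println("assumed remedy:    " + clientUsedBySecondUser(null, true));
    }
}
```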