[
https://issues.apache.org/jira/browse/HIVE-8643?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ashutosh Chauhan updated HIVE-8643:
-----------------------------------
Fix Version/s: (was: 0.15.0)
> DDL operations via WebHCat with doAs parameter in secure cluster fail
> ---------------------------------------------------------------------
>
> Key: HIVE-8643
> URL: https://issues.apache.org/jira/browse/HIVE-8643
> Project: Hive
> Issue Type: Bug
> Components: WebHCat
> Affects Versions: 0.14.0
> Reporter: Eugene Koifman
> Assignee: Eugene Koifman
> Priority: Critical
> Fix For: 0.14.0
>
> Attachments: HIVE-8643.2.patch, HIVE-8643.3.patch, HIVE-8643.patch
>
>
> webhcat handles DDL command by forking to 'hcat', i.e. HCatCli
> This starts a session.
> SessionState.start() creates scratch dir based on current user name
> via startSs.createSessionDirs(sessionUGI.getShortUserName());
> This UGI is not aware of doAs param, so the name of the dir always ends up
> 'hcat', but because a delegation token is generated in WebHCat for HDFS
> access, the owner of the scratch dir is the calling user. Thus next time a
> session is started (because of a new DDL call from different user), it ends
> up trying to use the same scratch dir but cannot as it has 700 permission set.
> We need to pass in doAs user into SessionState
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
