Hi, I apologize for bringing up an old post (email), but does the *hive.metastore.execute.setugi* property work properly? I'm using Hive 0.11 with Hadoop 2.0.0.
After setting hive.metastore.execute.setugi to true and logging into the *ben* system account, if I create a table with "*create table pokes(foo int, bar string)*" it creates /hive/warehouse/pokes with owner set to hive, and if I "*drop table pokes*", I get an "OK" message, but from the server side I get the following error:

2013-06-07 20:32:27,594 ERROR metastore.HiveMetaStore (HiveMetaStore.java:deleteTableData(1220)) - Failed to delete table directory: hdfs://server01/hive/warehouse/ben
Got exception: org.apache.hadoop.security.AccessControlException Permission denied: user=*hive*, access=ALL, inode="/hive/warehouse/pokes":ben:hadoop:drwxr-xr-x
    at org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.check(FSPermissionChecker.java:224)
    at org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.checkSubAccess(FSPermissionChecker.java:191)
    at org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.checkPermission(FSPermissionChecker.java:158)
    at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.checkPermission(FSNamesystem.java:4716)
    at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.deleteInternal(FSNamesystem.java:2816)
    at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.deleteInt(FSNamesystem.java:2777)
    at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.delete(FSNamesystem.java:2764)
    at org.apache.hadoop.hdfs.server.namenode.NameNodeRpcServer.delete(NameNodeRpcServer.java:621)
    at org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolServerSideTranslatorPB.delete(ClientNamenodeProtocolServerSideTranslatorPB.java:408)
    at org.apache.hadoop.hdfs.protocol.proto.ClientNamenodeProtocolProtos$ClientNamenodeProtocol$2.callBlockingMethod(ClientNamenodeProtocolProtos.java:44968)
    at org.apache.hadoop.ipc.ProtobufRpcEngine$Server$ProtoBufRpcInvoker.call(ProtobufRpcEngine.java:453)
    at org.apache.hadoop.ipc.RPC$Server.call(RPC.java:1002)
    at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:1701)
    at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:1697)
    at java.security.AccessController.doPrivileged(Native Method)
    at javax.security.auth.Subject.doAs(Subject.java:415)
    at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1408)
    at org.apache.hadoop.ipc.Server$Handler.run(Server.java:1695)

So even with the configuration, Hive is still trying to create and remove the table with the hive user instead of ben. If anyone has had a similar issue, please share with us. Thank you a lot!

On Wed, Mar 27, 2013 at 7:46 AM, Sanjay Subramanian <sanjay.subraman...@wizecommerce.com> wrote:

> Ok I solved this
> The default setting *hive.metastore.execute.setugi* in Hive is FALSE
> Adding this to the hive-site.xml solved it
>
> <property>
>   <name>hive.metastore.execute.setugi</name>
>   <value>true</value>
>   <description>In unsecure mode, setting this property to true will cause
>   the metastore to execute DFS operations using the client's reported user
>   and group permissions. Note that this property must be set on both the
>   client and server sides. Further note that its best effort. If client sets
>   its to true and server sets it to false, client setting will be
>   ignored.</description>
> </property>
>
>
> From: Sanjay Subramanian <sanjay.subraman...@wizecommerce.com>
> Reply-To: "user@hive.apache.org" <user@hive.apache.org>
> Date: Monday, March 25, 2013 7:01 PM
> To: "user@hive.apache.org" <user@hive.apache.org>
> Subject: HDFS directory in /user/hive/warehouse getting "hive" as Owner ?
>
> Steps to recreate the use case:
>
> - Log in as *sasubramanian* to Linux Box
> - Execute hive -e "CREATE TABLE name (id INT, name STRING);"
> - Go to HDFS /user/hive/warehouse/
>
> Name  Type  Size  Replication  Block Size  Modification Time  Permission  Owner   Group
> name  dir                                  2013-03-25 18:57   rwxr-xr-x   *hive*  supergroup
>
> I want the table to be created as Owner = sasubramanian
> How can I do that ?
>
> Thanks
> sanjay
>
> CONFIDENTIALITY NOTICE
> ======================
> This email message and any attachments are for the exclusive use of the
> intended recipient(s) and may contain confidential and privileged
> information. Any unauthorized review, use, disclosure or distribution is
> prohibited. If you are not the intended recipient, please contact the
> sender by reply email and destroy all copies of the original message along
> with any attachments, from your computer system. If you are the intended
> recipient, please be advised that the content of this message is subject to
> access, review and disclosure by the sender's Email System Administrator.
>

--
*Benjamin Kim*
*benkimkimben at gmail*
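
An added example, not part of the thread and not Hive's or Hadoop's own code: a small triage script that checks whether hive.metastore.execute.setugi is set in both the client and the server hive-site.xml, and parses the HDFS denial from the metastore log to show which user the DFS call actually ran as and which permission class it fell into. Assumptions: the function names are hypothetical, the two hive-site.xml samples are constructed, the "both sides must be true" rule is taken from the property description quoted above, and the log line is the denial from the thread with the emphasis markers removed.

```python
import re
import xml.etree.ElementTree as ET

PROP = "hive.metastore.execute.setugi"

# Constructed hive-site.xml samples: the client sets the property, the server omits it.
CLIENT_XML = f"<configuration><property><name>{PROP}</name><value>true</value></property></configuration>"
SERVER_XML = "<configuration></configuration>"
# The denial from the thread's metastore log, emphasis markers removed.
LOG_LINE = ('Permission denied: user=hive, access=ALL, '
            'inode="/hive/warehouse/pokes":ben:hadoop:drwxr-xr-x')

DENIED = re.compile(
    r'Permission denied: user=(?P<user>[^,\s]+), access=(?P<access>\w+), '
    r'inode="(?P<path>[^"]+)":(?P<owner>[^:]+):(?P<group>[^:]+):(?P<mode>[d-][rwx-]{9})')


def setugi_enabled(hive_site_xml):
    """Read the property from hive-site.xml text; absent means false (the default per the thread)."""
    for prop in ET.fromstring(hive_site_xml).iter("property"):
        if (prop.findtext("name") or "").strip() == PROP:
            return (prop.findtext("value") or "").strip().lower() == "true"
    return False


def effective_setugi(client_xml, server_xml):
    """Assumption from the property description: it only takes effect when both sides set it."""
    return setugi_enabled(client_xml) and setugi_enabled(server_xml)


def diagnose(log_line, user_groups=frozenset()):
    """Parse an HDFS denial and report which permission class the acting user fell into."""
    m = DENIED.search(log_line)
    if m is None:
        return None
    d = m.groupdict()
    bits = d["mode"][1:]  # drop the file-type character, keep rwxrwxrwx
    if d["user"] == d["owner"]:
        d["perm_class"], d["granted"] = "owner", bits[0:3]
    elif d["group"] in user_groups:
        d["perm_class"], d["granted"] = "group", bits[3:6]
    else:
        d["perm_class"], d["granted"] = "other", bits[6:9]
    d["acting_as_owner"] = d["user"] == d["owner"]  # did the DFS call run as the inode's owner?
    return d


if __name__ == "__main__":
    print("setugi effective:", effective_setugi(CLIENT_XML, SERVER_XML))
    print(diagnose(LOG_LINE))
```

Pass the acting user's HDFS groups as user_groups when they are known; without them the script assumes the user is not in the inode's group.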