Hello,
We are using Hive 0.11 and are using kerberos authentication for our
cluster.
I just tried out enabling Storage Based Authorization as described here:
https://cwiki.apache.org/confluence/display/Hive/Storage+Based+Authorization+in+the+Metastore+Server
Using the cli, I then created a database
hive> create database thomas_test location
"/user/thomas.larsson/thomas_test";
OK
Time taken: 0.527 seconds
hive> use thomas_test;
OK
Time taken: 0.119 seconds
Then I created some data in an hdfs folder:
$ rm numbers ;
$ for i in {90..900}; do echo "$i" >> numbers; done
$ for i in {10..100}; do echo "$i" >> numbers; done
$ for i in {40..400}; do echo "$i" >> numbers; done
$ IN="/user/thomas.larsson/thomas_test/some_table"
$ hadoop fs -rm -r $IN
$ hadoop fs -mkdir -p $IN
$ hadoop fs -copyFromLocal numbers $IN
and then try to create a table on top of that data:
hive> create table foo (key int) location
'/user/thomas.larsson/thomas_test/some_table';
FAILED: Execution Error, return code 1 from
org.apache.hadoop.hive.ql.exec.DDLTask.
MetaException(message:java.security.AccessControlException: action WRITE
not permitted on path /user/thomas.larsson/thomas_test/some_table for user
thomas.larsson@OUR.REALM)
Lets check the file permissions on hdfs:
$ hadoop fs -ls /user/thomas.larsson/
...
drwxr-xr-x - thomas.larsson thomas.larsson 0 2015-02-16 14:37
/user/thomas.larsson/thomas_test
$ hadoop fs -ls /user/thomas.larsson/thomas_test
Found 1 items
drwxr-xr-x - thomas.larsson thomas.larsson 0 2015-02-16 14:37
/user/thomas.larsson/thomas_test/some_table
Can someone tell me what I am doing wrong?
Should I be suspicous of the fact that my user name is "thomas.larsson"
while my kerberos principal is "thomas.larsson@OUR.REALM"?
Best Regards
/Thomas
