Support Questions
Find answers, ask questions, and share your expertise
Announcements
Alert: Welcome to the Unified Cloudera Community. Former HCC members be sure to read and learn how to activate your account here.

Can't execute query - Permission denied?,Can't execute DDL query

Solved Go to solution

Can't execute query - Permission denied?,Can't execute DDL query

New Contributor

Hi, I encountered this 'permission denied - 500' error when executing the DDL query.

<small>java.sql.SQLException: Error while processing statement: FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. MetaException(message:java.security.AccessControlException: Permission denied: user=hive, access=WRITE, inode="/apps":hdfs:hdfs:drwxr-xr-x
	at org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.check(FSPermissionChecker.java:319)
	at org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.checkPermission(FSPermissionChecker.java:219)
	at org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.checkPermission(FSPermissionChecker.java:190)
	at org.apache.hadoop.hdfs.server.namenode.FSDirectory.checkPermission(FSDirectory.java:1955)
	at org.apache.hadoop.hdfs.server.namenode.FSDirectory.checkPermission(FSDirectory.java:1939)
	at org.apache.hadoop.hdfs.server.namenode.FSDirectory.checkPathAccess(FSDirectory.java:1913)
	at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.checkAccess(FSNamesystem.java:8751)
	at org.apache.hadoop.hdfs.server.namenode.NameNodeRpcServer.checkAccess(NameNodeRpcServer.java:2089)
	at org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolServerSideTranslatorPB.checkAccess(ClientNamenodeProtocolServerSideTranslatorPB.java:1454)
	at org.apache.hadoop.hdfs.protocol.proto.ClientNamenodeProtocolProtos$ClientNamenodeProtocol$2.callBlockingMethod(ClientNamenodeProtocolProtos.java)
	at org.apache.hadoop.ipc.ProtobufRpcEngine$Server$ProtoBufRpcInvoker.call(ProtobufRpcEngine.java:640)
	at org.apache.hadoop.ipc.RPC$Server.call(RPC.java:982)
	at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:2351)
	at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:2347)
	at java.security.AccessController.doPrivileged(Native Method)
	at javax.security.auth.Subject.doAs(Subject.java:422)
	at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1866)
	at org.apache.hadoop.ipc.Server$Handler.run(Server.java:2345) </small>

)


I am on admin account. I need help as this is my first time dealing with HDCloud.
Thank you very much.

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Can't execute query - Permission denied?,Can't execute DDL query

Hi @Mohammad Shazreen Bin Haini,

Your query is trying to write to /apps location to which "hive" user doesn't have permission.

Change the permission of the folder and try running the query.

hdfs dfs -chmod 777 /apps

Thanks,

Aditya

13 REPLIES 13

Re: Can't execute query - Permission denied?,Can't execute DDL query

Hi @Mohammad Shazreen Bin Haini,

Your query is trying to write to /apps location to which "hive" user doesn't have permission.

Change the permission of the folder and try running the query.

hdfs dfs -chmod 777 /apps

Thanks,

Aditya

Re: Can't execute query - Permission denied?,Can't execute DDL query

New Contributor

Thank you for the response...but where should I enter this command?

Re: Can't execute query - Permission denied?,Can't execute DDL query

New Contributor

@Mohammad Shazreen Bin Haini, Based on the question tag, I believe that you're using Sandbox. You will need to ssh into the Sandbox and type in command there. You can learn more here: https://hortonworks.com/hadoop-tutorial/learning-the-ropes-of-the-hortonworks-sandbox/

Re: Can't execute query - Permission denied?,Can't execute DDL query

New Contributor

No I don't have Sandbox installed, my PC is too weak for it.
Is there any way to enter that command using Ambari Web or HDCloud CLI?

I'm following tutorial-410 and I believe Sandbox is not a prerequisite for this.

Re: Can't execute query - Permission denied?,Can't execute DDL query

@Mohammad Shazreen Bin Haini,

ssh to the node where Ambari is installed / HDFS client is installed and you can run the command there.

As @Peter Kim mentioned , check the permissions of those directories before changing.

Thanks,

Aditya

Re: Can't execute query - Permission denied?,Can't execute DDL query

Cloudera Employee

@Mohammad Shazreen Bin Haini To change the permission from Ambari, you can use Files View under Views sections.

Re: Can't execute query - Permission denied?,Can't execute DDL query

Expert Contributor

@Mohammad Shazreen Bin Haini

If you are using ranger to manage permissions, there should 2 default policies. 1) HDFS policy - that gives hive full permission to read/write to /apps/hive/warehouse directory. 2) Hive policy - that gives hive full permission "hive" user to create, drop databases, tables.

Highlighted

Re: Can't execute query - Permission denied?,Can't execute DDL query

New Contributor

If you're querying to default hive table in hive database in HDFS, then do not change access permission.

Originally, hive default warehouse directory in HDFS is "/apps/hive/warehouse".

So you should check the permission of these directories before change permission.

/app : 755 hdfs:hdfs

/app/hive : 755 hdfs:hdfs

/app/hive/warehouse : 777 hive:hdfs

Re: Can't execute query - Permission denied?,Can't execute DDL query

New Contributor

Thank you for the response...but where should I enter this command?

Don't have an account?
Coming from Hortonworks? Activate your account here