Support Questions
Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Advanced Search

Hive action in oozie running under "hive" user?

Hive action in oozie running under "hive" user?

Labels:
MartinEK
Rising Star

Created ‎09-14-2015 09:26 AM

Hello,

As per my understanding, Hive actions in oozie workflows are run with the same user who submitted the workflow. As such statements such as CREATE EXTERNAL TABLE t1 ... LOCATION /foo/bar/t1 will result in the necessary directory structure in HDFS being created with that user. This is what we normally observe. But in a few cases, I have seen that the directory is getting created with user "hive" which then results in all sorts of HDFS permission errors such as:

 

org.apache.hadoop.hive.ql.metadata.HiveException: MetaException(message:Got exception: org.apache.hadoop.security.AccessControlException Permission denied: user=hive, access=WRITE, inode="/foo/bar":my_expected_user:my_expected_group:drwxr-xr-x

Has anyone come across this behaviour? Is it expected under some conditions or is a misconfiguration or a bug?

 

Many thanks,

Martin

 

Reply
1,134 Views
0 Kudos
2 REPLIES 2
Highlighted

Re: Hive action in oozie running under "hive" user

Harsh J
Master Guru

Created ‎09-14-2015 09:53 AM

It is the Hive MetaStore Server that will attempt creation of the
table/db/warehouse directories typically. This service runs as the 'hive'
user, thereby the error.

There is some form of impersonation support in HMS, via server+client
config "hive.metastore.execute.setugi" set as true. Perhaps you are looking
to set this option (on both, the Hive action (client) and the HMS service
(server)) and retry?
Reply
1,131 Views
0 Kudos
Highlighted

Re: Hive action in oozie running under "hive" user

MartinEK
Rising Star

Created ‎09-14-2015 10:00 AM

Hi Harsh, thanks for the follow up.

 

In my observation (on CDH 5.3.4), Hive actions are almost alway run as the user who submitted the Oozie workflow in Hue. And as such any directory created by the Hive table creation is also created by this user. But clearly sometimes it is the service "hive" user. Is it deterministic? i.e. given a Hive workflow action with a given script can I tell which user will end up running it??

 

Thanks,

Martin

Reply
1,130 Views
0 Kudos
Don't have an account?
Register
Announcements
Product Announcements
[ANNOUNCE] New Cloudera JDBC 2.6.20 Driver for Apache Impala Released
Product Announcements
Transition to private repositories for CDH, HDP and HDF
Product Announcements
[ANNOUNCE] New Applied ML Research from Cloudera Fast Forward: Few-Shot Text Classification
Product Announcements
[ANNOUNCE] New JDBC 2.6.13 Driver for Apache Hive Released
Product Announcements
[ANNOUNCE] Refreshed Research from Cloudera Fast Forward: Semantic Image Search and Federated Learning
View More Announcements