Hive / HCatalog Forum

Hive permissions

  • #10815
    Gabor Makrai

    Hi guys,

    I’m trying the virtual sandbox and I have a question for you. Your Hive seems to me different from the standard Hive in the meaning of handling table files permission. When you are creating a new table in standard Hive, you will get the “-rw-r--r--” permission, but your system will set “-r--------” permission. This is very bad for me, because I have users (who are different from hive user), and they want to open these files!
    Is this a configuration somewhere inside Hive or Hadoop system, or why didn’t I get the same permissions on my HDFS?

    Thank you,

  • #10817
    Sasha J

    As a workaround you can use “hadoop fs -chmod” command.
    Like this:

    hive> select * from test1;
    Authorization action READ not permitted on path hdfs://node:8020/apps/hive/warehouse/test1 for user hive. Use show grant to get more details.

    [test@node ~]$ hadoop fs -chmod -R 755 /apps/hive/warehouse/test1
    [test@node ~]$ hadoop fs -ls /apps/hive/warehouse
    drwx------ - hive hdfs 0 2012-10-11 08:35 /apps/hive/warehouse/test
    drwxr-xr-x - test hdfs 0 2012-10-11 08:36 /apps/hive/warehouse/test1
    [test@node ~]$

    hive> select * from test1;
    Time taken: 0.161 seconds

    Sasha J

    To make the change permanent, you should change the dfs.umaskmode property in the hdfs-site.xml file.
    It is set to 077 by default in HDP; you can set it to 022 (same notation as UNIX umask settings).

    Gabor Makrai

    Hi Sasha,

    Thanks for your answer! It is very useful! (I used your instructions and got the right result, moreover I run filesystem commands from hive cli/hiveservice so the permission problem is solved for me!) What I would like to know now is: what is the intuition behind this settings modification? I know that means the following: data stored in Hive is separated from other users and it can be handled only by Hive. Am I understanding this configuration modification well? Or is there any other reason? This information can be very important for me!


    Sasha J

    You are right, the idea behind this is to try to have a little bit more secure environment.
    Same as on Linux level, default umask is 022, so group members and others can read and execute your files.
    But you can harden this and set it to 037 for example, so group members can only , and no access to anyone else provided.


    As a follow-on to this thread, do you make this change on ‘every’ node in the cluster?


    Seth Lyubich

    Hi Trevor,

    I think you will need to make a change on the NameNode only. You can test by changing configuration and checking permissions of the new files.

    Hope this helps.
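
Added example, not part of the original thread: a small audit that computes the mode HDFS gives new files and directories under a umask (077, 037 and 022 are the values discussed above) and flags listing entries that a manual chmod left wider than that umask allows. The function names and the sample listing are constructed for illustration; the base modes 666 (files) and 777 (directories) are HDFS's defaults.

```python
import re

# HDFS applies the umask to these base modes when a path is created.
FILE_BASE, DIR_BASE = 0o666, 0o777

# Fields of a "hadoop fs -ls" line: perms, replication, owner, group, size, date, time, path
LS_LINE = re.compile(
    r"^([d-])([rwxtT-]{9})\+?\s+\S+\s+(\S+)\s+\S+\s+\d+\s+\S+\s+\S+\s+(.+)$")

def created_mode(umask: str, is_dir: bool) -> int:
    """Mode a new file or directory gets under the given octal umask string."""
    return (DIR_BASE if is_dir else FILE_BASE) & ~int(umask, 8)

def parse_mode(perm: str) -> int:
    """Convert the nine permission characters of a listing line to an integer."""
    bits = 0
    for ch in perm:
        bits = (bits << 1) | (ch not in "-T")  # 'T' is sticky without execute
    return bits

def audit(ls_output: str, umask: str):
    """Return (path, owner, actual, expected) for entries wider than the umask allows."""
    findings = []
    for line in ls_output.splitlines():
        m = LS_LINE.match(line.strip())
        if not m:
            continue  # skips "Found N items" and blank lines
        kind, perm, owner, path = m.groups()
        actual = parse_mode(perm)
        expected = created_mode(umask, kind == "d")
        if actual & ~expected:  # bits granted beyond what the umask would produce
            findings.append((path, owner, oct(actual), oct(expected)))
    return findings

# Constructed sample modelled on the listing shown in the thread.
SAMPLE = """Found 2 items
drwx------   - hive hdfs          0 2012-10-11 08:35 /apps/hive/warehouse/test
drwxr-xr-x   - test hdfs          0 2012-10-11 08:36 /apps/hive/warehouse/test1
"""

if __name__ == "__main__":
    for umask in ("077", "037", "022"):
        print("umask", umask,
              "file", oct(created_mode(umask, False)),
              "dir", oct(created_mode(umask, True)),
              "wider than policy:", audit(SAMPLE, umask))
```

Feed it the real output of `hadoop fs -ls -R /apps/hive/warehouse` to see which table paths no longer match the cluster's umask after a recursive chmod.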

