Home Forums Hive / HCatalog Hive permissions

This topic contains 6 replies, has 4 voices, and was last updated by  Seth Lyubich 1 year, 3 months ago.

  • Creator
    Topic
  • #10815

    Gabor Makrai
    Member

    Hi guys,

    I’m trying the virtual sandbox and I have a question for you. Your Hive seems to me different from the standard Hive in the meaning of handling table files permission. When you are creating a new table in standard Hive, you will get the “-rw-r–r– ” permission, but your system will set “-r———” permission. This is very bad for me, because I have users (who are different from hive user), and they want to open these files!
    Is this a configuration somewhere inside Hive or Hadoop system, or why didn’t I get the same permissons on my HDFS?

    Thank you,
    Gabor

Viewing 6 replies - 1 through 6 (of 6 total)

You must be logged in to reply to this topic.

  • Author
    Replies
  • #23505

    Seth Lyubich
    Keymaster

    Hi Trevor,

    I think you will need to make a change on the NameNode only. You can test by changing configuration and checking permissions of the new files.

    Hope this helps.

    Thanks,
    Seth

    Collapse
    #23173

    As follow on to this thread, Do you make this change on ‘every’ node in the cluster?

    –Trevor

    Collapse
    #10854

    Sasha J
    Moderator

    Gabor,
    you are right, the idea behind this is try to have a little bit more secure environment.
    Same as on Linux level, default umask is 022, so group members and others can read and execute your files.
    But you can harden this and set it to 037 for example, so group members can only , and no access to anyone else provided.

    Collapse
    #10852

    Gabor Makrai
    Member

    Hi Sasha,

    Thanks for your answer! It is very useful! (I used your instructions and got the right result, moreover I run filesystem commands from hive cli/hiveservice so the permission problem is solved for me!) What I would like to know now what is the intuition behind this settings modification? I know that means the following, data stored in Hive is separated from other users and it can be handled by only Hive. Am I understanding well this configuration modification? Or is there any other reason? This information can be very important for me!

    Thanks,
    Gabor

    Collapse
    #10846

    Sasha J
    Moderator

    To make change permanent, you should change dfs.umaskmode property in hdfs-site.xml file.
    It set to 077 by default in HDP, you can set it to 022 (same notation as UNIX umask settings)

    Collapse
    #10817

    Sasha J
    Moderator

    As a workaround you can use “hadoop fs -chmod” command.
    Like this:

    hive> select * from test1;
    Authorization failed:org.apache.hadoop.security.AccessControlException: action READ not permitted on path hdfs://node:8020/apps/hive/warehouse/test1 for user hive. Use show grant to get more details.

    [test@node ~]$ hadoop fs -chmod -R 755 /apps/hive/warehouse/test1
    [test@node ~]$ hadoop fs -ls /apps/hive/warehouse
    drwx—— – hive hdfs 0 2012-10-11 08:35 /apps/hive/warehouse/test
    drwxr-xr-x – test hdfs 0 2012-10-11 08:36 /apps/hive/warehouse/test1
    [test@node ~]$

    hive> select * from test1;
    OK
    Time taken: 0.161 seconds

    Collapse
Viewing 6 replies - 1 through 6 (of 6 total)