Home Forums Hue Hue admin user permision denied

This topic contains 16 replies, has 2 voices, and was last updated by  Dave 3 months, 1 week ago.

  • Creator
    Topic
  • #44830

    Rodulfo
    Participant

    Hello,

    I installed HDP 2 using Ambari and I finally got HUE running but now I get permision denied on any action I want to run on HUE. I checked and the admin user created is part of hadoop group. Any idea what should be wrong?

    Here is the error I get when i want to run a Pig Script or load a file into HCat:

    {“error”:”Permission denied: user=admin, access=WRITE, inode=\”/user\”:hdfs:hdfs:drwxr-xr-x\n\tat org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.check(FSPermissionChecker.java:234)\n\tat org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.check(FSPermissionChecker.java:214)\n\tat org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.checkPermission(FSPermissionChecker.java:158)\n\tat org.apache.hadoop.hdfs.server.namenode.FSNamesystem.checkPermission(FSNamesystem.java:5193)\n\tat org.apache.hadoop.hdfs.server.namenode.FSNamesystem.checkPermission(FSNamesystem.java:5175)\n\tat org.apache.hadoop.hdfs.server.namenode.FSNamesystem.checkAncestorAccess(FSNamesystem.java:5149)\n\tat org.apache.hadoop.hdfs.server.namenode.FSNamesystem.mkdirsInternal(FSNamesystem.java:3396)\n\tat org.apache.hadoop.hdfs.server.namenode.FSNamesystem.mkdirsInt(FSNamesystem.java:3366)\n\tat org.apache.hadoop.hdfs.server.namenode.FSNamesystem.mkdirs(FSNamesystem.java:3340)\n\tat org.apache.hadoop.hdfs.server.namenode.NameNodeRpcServer.mkdirs(NameNodeRpcServer.java:724)\n\tat org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolServerSideTranslatorPB.mkdirs(ClientNamenodeProtocolServerSideTranslatorPB.java:502)\n\tat org.apache.hadoop.hdfs.protocol.proto.ClientNamenodeProtocolProtos$ClientNamenodeProtocol$2.callBlockingMethod(ClientNamenodeProtocolProtos.java:59598)\n\tat org.apache.hadoop.ipc.ProtobufRpcEngine$Server$ProtoBufRpcInvoker.call(ProtobufRpcEngine.java:585)\n\tat org.apache.hadoop.ipc.RPC$Server.call(RPC.java:928)\n\tat org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:2053)\n\tat org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:2049)\n\tat java.security.AccessController.doPrivileged(Native Method)\n\tat javax.security.auth.Subject.doAs(Subject.java:396)\n\tat org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1491)\n\tat org.apache.hadoop.ipc.Server$Handler.run(Server.java:2047)\n”} (error 500)

    Thanks in advance!
    Rod

Viewing 16 replies - 1 through 16 (of 16 total)

You must be logged in to reply to this topic.

  • Author
    Replies
  • #46730

    Dave
    Moderator

    Hi Rodulfo,

    Have you added the below into webhcat-site.xml

    <property>
    <name>webhcat.proxyuser.hue.hosts</name>
    <value>*</value>
    </property>
    <property>
    <name>webhcat.proxyuser.hue.groups</name>
    <value>*</value>
    </property>

    And in hdfs-site.xml is dfs.webhdfs.enabled set to true?

    Thanks

    Dave

    Collapse
    #46259

    Rodulfo
    Participant

    By the way that happens with any other HUE user that I create. At the moment nnly hdfs (user) is able to load data into an HCatalog table.

    Collapse
    #46258

    Rodulfo
    Participant

    Hi Dave.

    I did it and the /user/admin directory was created.

    Now Im able to create the table, but no data is loaded into the table. I dont get any error message or anything. If I login as hdfs user, the table is created and the data is loaded into the table.

    Greetings,
    Rodulfo

    Collapse
    #46257

    Dave
    Moderator

    Hi Rudolfo,

    In HUE under user administration, can you go to admin (user) and then check the box which says “create home directory” and then press “update user”

    Then try again.

    Thanks

    Dave

    Collapse
    #46255

    Rodulfo
    Participant

    Hi Dave,

    There is no directory called “admin” inside /user.

    /user is from user:hdfs, group:hdfs and has permissions: drwxr-xr-x

    Greetings

    Collapse
    #46108

    Dave
    Moderator

    Hi Rodulfo,

    In HUE can you go to the File Browser and browse to /user – do you see a directory in there called admin?
    What permissions does /user have?

    Thanks

    Dave

    Collapse
    #45904

    Rodulfo
    Participant

    Im using directly the HUE HCat web UI, It happens with any script, for example:

    A = LOAD ‘pruebas.data’ using org.apache.hcatalog.pig.HCatLoader();
    m1 = FOREACH A GENERATE 201201 as id,volume_m3_201201 as volume;
    m2 = FOREACH A GENERATE 201202 as id,volume_m3_201202 as volume;
    inpt = UNION m1, m2;
    inpt = FILTER inpt BY volume is not null;
    inpt = FILTER inpt BY volume >= 0;

    DUMP inpt;

    If I try to run it I get:

    {“error”:”Permission denied: user=admin, access=WRITE, inode=\”/user\”:hdfs:hdfs:drwxr-xr-x\n\tat org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.check(FSPermissionChecker.java:234)\n\tat org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.check(FSPermissionChecker.java:214)\n\tat org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.checkPermission(FSPermissionChecker.java:158)\n\tat

    org.apache.hadoop.hdfs.server.namenode.FSNamesystem.mkdirs(FSNamesystem.java:3340)\n\tat org.apache.hadoop.hdfs.server.namenode.NameNodeRpcServer.mkdirs(NameNodeRpcServer.java:724)\n\tat org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolServerSideTranslatorPB.mkdirs(ClientNamenodeProtocolServerSideTranslatorPB.java:502)\n\tat org.apache.hadoop.hdfs.protocol.proto.ClientNamenodeProtocolProtos$ClientNamenodeProtocol$2.callBlockingMethod(ClientNamenodeProtocolProtos.java:59598)\n\tat org.apache.hadoop.ipc.ProtobufRpcEngine$Server$ProtoBufRpcInvoker.call(ProtobufRpcEngine.java:585)\n\tat org.apache.hadoop.ipc.RPC$Server.call(RPC.java:928)\n\tat org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:2053)\n\tat org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:2049)\n\tat java.security.AccessController.doPrivileged(Native Method)\n\tat javax.security.auth.Subject.doAs(Subject.java:396)\n\tat org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1491)\n\tat org.apache.hadoop.ipc.Server$Handler.run(Server.java:2047)\n”} (error 500)

    It aslo happens when I simply try to upload a CSV file that is already in HDFS using the HUE HCat UI, I get the following error:

    HCatClient error on create table: {“errorDetail”:”org.apache.hadoop.hive.ql.metadata.HiveException: MetaException(message:Got exception: org.apache.hadoop.security.AccessControlException Permission denied: user=admin, access=WRITE, inode=\”/apps/hive/warehouse/pruebas.db\”:rmrodriguez:hdfs:drwxr-xr-x\n\tat org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.check(FSPermissionChecker.java:234) …


    (error 500)

    admin was the user created when first logging into HUE. The user didnt exist in Linux at that point.

    Greetings,
    Rod

    Collapse
    #45899

    Dave
    Moderator

    Hi Rodulfo,

    Can you share your pig script and how you are loading the file into hcat?
    When you created the admin user did you create the home directory in HUE (ie check the box?)

    Thanks

    Dave

    Collapse
    #45811

    Rodulfo
    Participant

    I have:

    hadoop.proxyuser.hue.groups: *
    hadoop.proxyuser.hue.hosts: *

    Collapse
    #45397

    Dave
    Moderator

    Hi Rodulfo,

    What do you have in your core-site.xml for hadoop.proxyusers.hue.groups and hadoop.proxyusers.hue.hosts ?

    Thanks

    Dave

    Collapse
    #45190

    Rodulfo
    Participant

    Did that but still didnt work. I get the same error when I try to create a table with user admin (primary group: hadoop, secondary: users)

    Collapse
    #45068

    Dave
    Moderator

    Hi Rod,

    If you put that user into the hadoop group (main) and the users group (secondary) then they will have the permissions necessary to perform the actions.
    This is how I set up my Hue installations

    Thanks

    Dave

    Collapse
    #45059

    Rodulfo
    Participant

    Thanks Dave. Any info regarding permisions needed for new HUE users will be appreciate it. For the moment only user hdfs can perform everything.

    What I would like to know is what should I do to create a new HUE users. I understand I should create an equivalent Linux user, but what permissions should I give it?

    Greetings,
    Rod

    Collapse
    #44964

    Dave
    Moderator

    Hi Rod,

    As you can see the error from admin is coming from the HDFS file system. If admin is a linux user in the hdfs group, then they will be able to load a file.
    I will post a link to the information you are requesting.

    Thanks

    Dave

    Collapse
    #44962

    Rodulfo
    Participant

    No, admin is not a Linux user in the Hue server.

    I found out with hdfs user I everything works and that I create a new user using Hue, almost everything works except inserting data into HCat from a file.

    Where can I learn more about Hue users and Hadoop and the permisions they should have?

    Collapse
    #44957

    Dave
    Moderator

    Hi Rod,

    Is the admin user a user on your Linux machine which is running Hue?

    Thanks

    Dave

    Collapse
Viewing 16 replies - 1 through 16 (of 16 total)