hive之权限问题AccessControlException Permission denied: user=root, access=WR

Posted lenmom

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了hive之权限问题AccessControlException Permission denied: user=root, access=WR相关的知识,希望对你有一定的参考价值。

问题描述:在集群上,用hive分析数据出现如下错误

FAILED: Execution Error, return code 1 from org.apache.hadoop.hive.ql.exec.DDLTask. MetaException(message:Got exception: org.apache.hadoop.security.AccessControlException Permission denied: user=root, access=WRITE, inode="/data/${ip}/20180713":hdfs:supergroup:drwxr-xr-x
at org.apache.hadoop.hdfs.server.namenode.DefaultAuthorizationProvider.checkFsPermission(DefaultAuthorizationProvider.java:257)
at org.apache.hadoop.hdfs.server.namenode.DefaultAuthorizationProvider.check(DefaultAuthorizationProvider.java:238)
at org.apache.hadoop.hdfs.server.namenode.DefaultAuthorizationProvider.check(DefaultAuthorizationProvider.java:216)
at org.apache.hadoop.hdfs.server.namenode.DefaultAuthorizationProvider.checkPermission(DefaultAuthorizationProvider.java:145)
at org.apache.hadoop.hdfs.server.namenode.FSPermissionChecker.checkPermission(FSPermissionChecker.java:138)
at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.checkPermission(FSNamesystem.java:6609)
at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.checkPermission(FSNamesystem.java:6591)
at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.checkAncestorAccess(FSNamesystem.java:6543)
at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.mkdirsInternal(FSNamesystem.java:4333)
at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.mkdirsInt(FSNamesystem.java:4303)
at org.apache.hadoop.hdfs.server.namenode.FSNamesystem.mkdirs(FSNamesystem.java:4276)
at org.apache.hadoop.hdfs.server.namenode.NameNodeRpcServer.mkdirs(NameNodeRpcServer.java:867)
at org.apache.hadoop.hdfs.server.namenode.AuthorizationProviderProxyClientProtocol.mkdirs(AuthorizationProviderProxyClientProtocol.java:322)
at org.apache.hadoop.hdfs.protocolPB.ClientNamenodeProtocolServerSideTranslatorPB.mkdirs(ClientNamenodeProtocolServerSideTranslatorPB.java:603)
at org.apache.hadoop.hdfs.protocol.proto.ClientNamenodeProtocolProtos$ClientNamenodeProtocol$2.callBlockingMethod(ClientNamenodeProtocolProtos.java)
at org.apache.hadoop.ipc.ProtobufRpcEngine$Server$ProtoBufRpcInvoker.call(ProtobufRpcEngine.java:617)
at org.apache.hadoop.ipc.RPC$Server.call(RPC.java:1060)
at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:2086)
at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:2082)
at java.security.AccessController.doPrivileged(Native Method)
at javax.security.auth.Subject.doAs(Subject.java:422)
at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1707)
at org.apache.hadoop.ipc.Server$Handler.run(Server.java:2080)
)

问题分析与解决:

根据报错信息是hdfs文件的权限问题,命令进入集群执行的用户为root,而hdfs文件所有者为hdfs。

要么以用户hdfs执行命令,要么调整hdfs文件的权限

解决方案1:

vim /etc/profile

增加内容

export HADOOP_USER_NAME=hdfs

 

解决方案2:

vim  $HADOOP_HOME/etc/hadoop/hdfs-site.xml

增加内容

<property>
  <name>dfs.permissions.enabled</name>
  <value>false</value>
  <description>
    If "true", enable permission checking in HDFS.
    If "false", permission checking is turned off,
    but all other behavior is unchanged.
    Switching from one parameter value to the other does not change the mode,
    owner or group of files or directories.
  </description>
</property>

之后重启hdfs namenode

hadoop-daemon.sh stop namenode
hadoop-daemon.sh start namenode

执行完之后,namenode可能会进入安全模式一段时间, 
这时候可能会报错:

name node is in safe mode

稍等一下重试一下即可。 
如果,时间太长了,可以手动停止:

dfsadmin -safemode enter   #进入安全模式
dfsadmin -safemode leave   #离开安全模式
dfsadmin -safemode wait    #等待,一直到安全模式结束

 

以上是关于hive之权限问题AccessControlException Permission denied: user=root, access=WR的主要内容,如果未能解决你的问题,请参考以下文章

Hive权限之改进

hive之权限问题AccessControlException Permission denied: user=root, access=WR

hive之数据组织形式

CDH大数据平台 17Cloudera Manager Console之Sentry权限hive测试(markdown新版)

大数据平台之权限管理组件 - Aapche Ranger

Hadoo系列之Hive安装和使用