This is the documentation for CDH 5.1.x. Documentation for other versions is available at Cloudera Documentation.

File System Permissions

Your Hive data is stored in HDFS, normally under /user/hive/warehouse. The /user/hive and /user/hive/warehouse directories need to be created if they don't already exist. Make sure this location (or any path you specify as hive.metastore.warehouse.dir in your hive-site.xml) exists and is writable by the users whom you expect to be creating tables.

  Important:

Cloudera recommends setting permissions on the Hive warehouse directory to 1777, making it accessible to all users, with the sticky bit set. This allows users to create and access their tables, but prevents them from deleting tables they don't own.

In addition, each user submitting queries must have an HDFS home directory. /tmp (on the local file system) must be world-writable, as Hive makes extensive use of it.

HiveServer2 Impersonation allows users to execute queries and access HDFS files as the connected user.

If you do not enable impersonation, HiveServer2 by default executes all Hive tasks as the user ID that starts the Hive server; for clusters that use Kerberos authentication, this is the ID that maps to the Kerberos principal used with HiveServer2. Setting permissions to 1777, as recommended above, allows this user access to the Hive warehouse directory.

You can change this default behavior by setting hive.metastore.execute.setugi to true on both the server and client. This setting causes the metastore server to use the client's user and group permissions.

Page generated September 3, 2015.