Thanks very much for your replies, Darren and Lenni.
The impalad process runs as the "impala" user, but the impala-shell (or
whatever client you are using) would not run as "impala", it would run as
the current user. When that user runs a query, Impala will extract their
username from the connection and use that to ensure they have permission to
perform the operation.
I'm still struggling to understand the interaction between OS users and
groups, HDFS ones, and impalad. Specifically, here's what I'm doing.
Following the Impala tutorial (http://www.cloudera.com/content/cloudera-content/cloudera-docs/Impala/latest/Installing-and-Using-Impala/ciiu_tutorial.html
), I start impala-shell as me:
[cornell@server ~]$ whoami
[cornell@server ~]$ impala-shell
Starting Impala Shell in unsecure mode
Connected to server.cs.umass.edu:21000
Server version: impalad version 1.1.1 RELEASE (build
Then I run this query:
[server.cs.umass.edu:21000] > CREATE TABLE tab3 (id INT, col_1 BOOLEAN,
col_2 DOUBLE, month INT, day INT)
ROW FORMAT DELIMITED FIELDS TERMINATED BY ',';
ERROR: MetaException: Got exception:
org.apache.hadoop.security.AccessControlException Permission denied:
user=impala, access=WRITE, inode="/":hdfs:supergroup:drwxr-xr-x
If I understand correctly, this tells me impala-shell passed along my query
to impald, which then tried to access the '/' HDFS directory as the
'impala' user, and /not/ as me. The command puked because the 'impala' user
is neither 'hdfs' nor is it in the group 'supergroup'. (Would I be wrong to
guess that it's trying to access /user/hive/warehouse - determined by
running 'set hive.metastore.warehouse.dir;' in the hive command line - ?)
This leads me to think I simply (ha!) have to tell HDFS that the 'impala'
user belongs to the group 'supergroup'. However, I don't how to do that
yet, maybe something like (but using the correct names):
hdfs dfs -chgrp -R hdfs /user/hive/warehouse
hdfs dfs -chmod -R 775 /user/hive/warehouse
sudo -u hdfs hadoop fs -chown impala:impala /user/impala
Yep, I'm pretty stuck :-\ Any advice would be extremely welcome at this
To unsubscribe from this group and stop receiving emails from it, send an email to firstname.lastname@example.org.