ADD JAR, ADD FILE, and ADD ARCHIVE Unavailable Using Sentry | Known Issues

asked Aug 30, 2017 in Hadoop by admin (4,410 points)
Summary

In a Sentry-enabled environment, you cannot use the "ADD JAR", "ADD FILE", or "ADD ARCHIVE" clauses. This limitation addresses security concerns.

Applies To

  • CDH5
  • Sentry
  • HIVE UDF
  • ADD JAR

Symptoms

In a Sentry-enabled environment, users are not allowed to use the "ADD JAR", "ADD FILE", or "ADD ARCHIVE" clauses at all. This limitation is a result of security concerns.

Example of an error:

0: jdbc:hive2://localhost:10000/default> add file /tmp/test.txt;
Error: Insufficient privileges to execute add (state=42000,code=0)

Cause

Allowing users to add their own files poses a security threat, because users can use those files to inject arbitrary code into the cluster. Such code can be used to circumvent the security provided by Sentry. Hence "ADD *" is restricted at this point, and there is no plan to support it.

Instructions

For adding JAR files containing Hive UDFs, please refer to our documentation for installation.
