Apache Hive File System Permissions in CDH

Your Hive data is stored in HDFS, normally under /user/hive/warehouse. The /user/hive and /user/hive/warehouse directories need to be created if they do not already exist. Make sure this location (or any path you specify as hive.metastore.warehouse.dir in your hive-site.xml) exists and is writable by the users whom you expect to be creating tables.

In addition, each user submitting queries must have an HDFS home directory. /tmp (on the local file system) must be world-writable, as Hive makes extensive use of it.

HiveServer2 Impersonation allows users to execute queries and access HDFS files as the connected user.

If you do not enable impersonation, HiveServer2 by default executes all Hive tasks as the user ID that starts the Hive server; for clusters that use Kerberos authentication, this is the ID that maps to the Kerberos principal used with HiveServer2. Setting permissions to 1777, as recommended above, allows this user access to the Hive warehouse directory.

You can change this default behavior by setting hive.metastore.execute.setugi to true on both the server and client. This setting causes the metastore server to use the client's user and group permissions.