Krystal created DRILL-3041:
------------------------------
Summary: Impersonation-user can create view against file that user
doesn't have read access
Key: DRILL-3041
URL: https://issues.apache.org/jira/browse/DRILL-3041
Project: Apache Drill
Issue Type: Bug
Components: Execution - RPC
Affects Versions: 1.0.0
Reporter: Krystal
Assignee: Jacques Nadeau
git.commit.id.abbrev=d10769f
I have a file that has the following permission:
-rwx------ 3 qa2 users 63078 2015-01-30 21:19
/drill/testdata/csv/voter.csv
The directory right above the file has the following permission:
drwxr-xr-x - qa2 users 3 2015-05-12 14:22 /drill/testdata/csv
Logged into sqlline as a different user and attempted to create a view:
0: jdbc:drill:schema=dfs.root> CREATE VIEW `dfs.qa1`.`test_v4` AS SELECT
columns[0] as column_0, columns[1] as column_1, columns[2] as column_2,
columns[3] as column_3, columns[4] as column_4, columns[5] as column_5,
columns[6] as column_6 FROM `dfs`.`default`.`drill/testdata/csv/voter.csv`
LIMIT 100;
The view got created successfully. However if I tried to read from the view, I
can't because of the lack of permission to the voter.csv table:
0: jdbc:drill:schema=dfs.root> select * from `dfs.qa1`.`test_v4`;
Error: SYSTEM ERROR: org.apache.hadoop.security.AccessControlException: Open
failed for file: /drill/testdata/csv/voter.csv, error: Permission denied (13)
Currently drill only check if the folder contains correct permission and not at
the file level when creating views. It seems odd that a user is allowed to
create the view then not being able to access it afterwards.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
