[
https://issues.apache.org/jira/browse/HIVE-2616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13172691#comment-13172691
]
[email protected] commented on HIVE-2616:
-----------------------------------------------------
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/2975/#review3985
-----------------------------------------------------------
About testing, see my earlier comment. To do any real tests for this, one needs
to do 'sudo' and then run tests. I have not found an easy way to do that in
Hive. HCatalog has test infrastructure which makes this kind of thing possible,
where I am adding these tests. See, HCATALOG-181 Also, I have manually verified
all four combinations of new/old client and new/old server and results were of
my satisfaction.
trunk/conf/hive-default.xml.template
<https://reviews.apache.org/r/2975/#comment9018>
I will update the text. But, I think splitting it in two properties will be
more confusing then useful. If ever some one uses them and both client and
server somehow uses same hive-site.xml, then having one property make sure its
either turned on or off for both client and server.
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java
<https://reviews.apache.org/r/2975/#comment9019>
will fix
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java
<https://reviews.apache.org/r/2975/#comment9020>
will fix
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java
<https://reviews.apache.org/r/2975/#comment9024>
Will add.
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
<https://reviews.apache.org/r/2975/#comment9021>
In my opinion thats a right behavior because you dont want existing
application to break when server is upgraded and is running with setugi on. I
will update the text about best effort.
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
<https://reviews.apache.org/r/2975/#comment9022>
Will remove.
trunk/shims/src/common/java/org/apache/hadoop/hive/shims/HadoopShims.java
<https://reviews.apache.org/r/2975/#comment9023>
Will add.
- Ashutosh
On 2011-12-17 02:42:36, Ashutosh Chauhan wrote:
bq.
bq. -----------------------------------------------------------
bq. This is an automatically generated e-mail. To reply, visit:
bq. https://reviews.apache.org/r/2975/
bq. -----------------------------------------------------------
bq.
bq. (Updated 2011-12-17 02:42:36)
bq.
bq.
bq. Review request for hive.
bq.
bq.
bq. Summary
bq. -------
bq.
bq. Pass user identity in metastore connection in unsecure mode
bq.
bq.
bq. This addresses bug HIVE-2616.
bq. https://issues.apache.org/jira/browse/HIVE-2616
bq.
bq.
bq. Diffs
bq. -----
bq.
bq. trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java 1215380
bq. trunk/conf/hive-default.xml.template 1215380
bq. trunk/metastore/if/hive_metastore.thrift 1215380
bq. trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.h 1215380
bq. trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.cpp 1215380
bq.
trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore_server.skeleton.cpp
1215380
bq.
trunk/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/ThriftHiveMetastore.java
1215380
bq.
trunk/metastore/src/gen/thrift/gen-php/hive_metastore/ThriftHiveMetastore.php
1215380
bq.
trunk/metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore-remote
1215380
bq.
trunk/metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore.py
1215380
bq. trunk/metastore/src/gen/thrift/gen-rb/thrift_hive_metastore.rb 1215380
bq.
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java
1215380
bq.
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
1215380
bq.
trunk/metastore/src/java/org/apache/hadoop/hive/metastore/TUGIBasedProcessor.java
PRE-CREATION
bq. trunk/shims/ivy.xml 1215380
bq.
trunk/shims/src/0.20/java/org/apache/hadoop/hive/shims/Hadoop20Shims.java
1215380
bq.
trunk/shims/src/0.20S/java/org/apache/hadoop/hive/shims/Hadoop20SShims.java
1215380
bq.
trunk/shims/src/0.20S/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java
1215380
bq.
trunk/shims/src/0.20S/java/org/apache/hadoop/hive/thrift/client/TUGIAssumingTransport.java
PRE-CREATION
bq.
trunk/shims/src/common/java/org/apache/hadoop/hive/shims/HadoopShims.java
1215380
bq.
trunk/shims/src/common/java/org/apache/hadoop/hive/thrift/TFilterTransport.java
PRE-CREATION
bq.
trunk/shims/src/common/java/org/apache/hadoop/hive/thrift/TUGIContainingTransport.java
PRE-CREATION
bq.
bq. Diff: https://reviews.apache.org/r/2975/diff
bq.
bq.
bq. Testing
bq. -------
bq.
bq. All the tests in metastore dir passes. Manually tested that file on hdfs
is owned by user running the client and not by user running metastore server.
bq.
bq.
bq. Thanks,
bq.
bq. Ashutosh
bq.
bq.
> Passing user identity from metastore client to server in non-secure mode
> ------------------------------------------------------------------------
>
> Key: HIVE-2616
> URL: https://issues.apache.org/jira/browse/HIVE-2616
> Project: Hive
> Issue Type: Bug
> Components: Metastore
> Reporter: Ashutosh Chauhan
> Assignee: Ashutosh Chauhan
> Attachments: hive-2616.patch, hive-2616_1.patch, hive-2616_3.patch,
> hive-2616_4.patch
>
>
> Currently in unsecure mode client don't pass on user identity. As a result
> hdfs and other operations done by server gets executed by user running
> metastore process instead of being done in context of client. This results in
> problem as reported here:
> http://mail-archives.apache.org/mod_mbox/hive-user/201111.mbox/%3CCAK0mCrRC3aPqtRHDe2J25Rm0JX6TS1KXxd7KPjqJjoqBjg=a...@mail.gmail.com%3E
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
