Hey folks, I'm working on a regression test for IMPALA-7311 and found something interesting. It appears that in our normal minicluster setup, impalad runs as the same username as the namenode (namely, the username of the developer, in my case 'todd').
This means that the NN treats impala as a superuser, and therefore doesn't actually enforce permissions. So, tests about the behavior of Impala on files that it doesn't have access to are somewhat tricky to write. Has anyone run into this before? Should we consider running either the impalad or the namenode as a different spoofed username so that the minicluster environment is more authentic to true cluster environments? We can do this easily by setting the HADOOP_USER_NAME environment variable or system property. -Todd -- Todd Lipcon Software Engineer, Cloudera
