[ https://issues.apache.org/jira/browse/DRILL-4029?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14991821#comment-14991821 ]

Sudheesh Katkam commented on DRILL-4029:
----------------------------------------

I am confused; I don't see anything in the description or comments that shows 
that Drill allows non-admin users to reset options. In the description, 
impersonation was not enabled. And in the last comment (assuming update of the 
first), we see that any query fails with a SYSTEM ERROR. What am I missing?

> Non admin users should not be allowed to execute RESET ALL at SYSTEM level
> --------------------------------------------------------------------------
>
>                 Key: DRILL-4029
>                 URL: https://issues.apache.org/jira/browse/DRILL-4029
>             Project: Apache Drill
>          Issue Type: Bug
>          Components: Execution - Flow
>    Affects Versions: 1.3.0
>         Environment: 4 node cluster CentOS
>            Reporter: Khurram Faraaz
>            Priority: Critical
>
> Set MAPR_IMPERSONATION_ENABLED=false and connect to Drill as user test (which 
> is not an admin user). I was able to RESET all options at SYSTEM level; this does 
> not look right.
> {code}
> [root@centos bin]# ./sqlline -u "jdbc:drill:schema=dfs.tmp -n test -p test"
> apache drill 1.3.0-SNAPSHOT
> "say hello to my little drill"
> 0: jdbc:drill:schema=dfs.tmp> ALTER SYSTEM RESET ALL;
> +-------+---------------+
> |  ok   |    summary    |
> +-------+---------------+
> | true  | ALL updated.  |
> +-------+---------------+
> 1 row selected (2.013 seconds)
> 0: jdbc:drill:schema=dfs.tmp> !q
> Closing: org.apache.drill.jdbc.impl.DrillConnectionImpl
> [root@centos bin]# clush -g khurram grep "MAPR_IMPERSONATION_ENABLED" /opt/mapr/drill/drill-1.3.0/conf/drill-env.sh
> : export MAPR_IMPERSONATION_ENABLED=false
> : export MAPR_IMPERSONATION_ENABLED=false
> : export MAPR_IMPERSONATION_ENABLED=false
> : export MAPR_IMPERSONATION_ENABLED=false
> [root@centos bin]# clush -g khurram tail -n 5 /opt/mapr/drill/drill-1.3.0/conf/drill-override.conf
> :
> : drill.exec: {
> :   cluster-id: "my_cluster_com-drillbits",
> :   zk.connect: "10.10.100.201:5181"
> : }
> :
> : drill.exec: {
> :   cluster-id: "my_cluster_com-drillbits",
> :   zk.connect: "10.10.100.201:5181"
> : }
> :
> : drill.exec: {
> :   cluster-id: "my_cluster_com-drillbits",
> :   zk.connect: "10.10.100.201:5181"
> : }
> :
> : drill.exec: {
> :   cluster-id: "my_cluster_com-drillbits",
> :   zk.connect: "10.10.100.201:5181"
> : }
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
