[
https://issues.apache.org/jira/browse/DRILL-7475?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Krzysztof Styrc updated DRILL-7475:
-----------------------------------
Description:
Hi,
we'd like to setup Drill to as SQL interface for files stored on local file
system (non HDFS) with multi user access - each user/group authorized to access
only selected tables/views.
*Environment:*
CentOS 6.7
{code:java}
[dataiku@quickstart apache-drill-1.16.0]$ lsb_release -a
LSB Version: :base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch
Distributor ID: CentOS
Description: CentOS release 6.7 (Final)
Release: 6.7
Codename: Final{code}
Apache Drill 1.16.0 with the following config (drill-override.conf, Drill
running as root user):
{code:java}
drill.exec: {
cluster-id: "unit8drill",
zk.connect: "localhost:2181",
impersonation: {
enabled: true,
},
security: {
auth.mechanisms : ["PLAIN"],
},
security.user.auth: {
enabled: true,
packages += "org.apache.drill.exec.rpc.user.security",
impl: "pam4j",
pam_profiles: [ "sudo", "login" ],
}
}
{code}
Created a view on *local file system* (not HDFS) that is configured to be
accessible only by bob user:
{code:java}
[xyz@quickstart views]$ ls -l
total 4
-rwx------ 1 bob bob 247 Dec 5 11:57 project_1_abc.view.drill
{code}
*Steps to reproduce:*
Use sqlline to query project_1_abc view as alice user:
{code:java}
apache drill> select count(*) from dfs.views.project_1_abc;
+--------+
| EXPR$0 |
+--------+
| 418 |
+--------+
1 row selected (0.461 seconds)
{code}
*Expected result:*
Querying project_1_abc view as user alice should throw an error, as only bob
user has access to this view.
In order to achieve this we've configured Drill with plain PAM authentication +
impersonation following the docs:
[https://drill.apache.org/docs/configuring-plain-security/]
[https://drill.apache.org/docs/configuring-user-impersonation/]
We've ended up with the following ```drill-override.conf``` config:
{code:java}
drill.exec: {
cluster-id: "unit8drill",
zk.connect: "localhost:2181",
impersonation: {
enabled: true,
},
security: {
auth.mechanisms : ["PLAIN"],
},
security.user.auth: {
enabled: true,
packages += "org.apache.drill.exec.rpc.user.security",
impl: "pam4j",
pam_profiles: [ "sudo", "login" ],
}
}
{code}
The Drill process runs as root in order to have access to ```/etc/shadow``` etc.
Authentication works fine. We're able to use sqlline as well as Web UI in order
to run SQL queries. Also, users that are in the root group have access to
Storage, Threads and Logs tabs.
Unfortunately, all the users have access to all tables/directories/views,
regardless of the permissions set on the local file system. Furthermore,
inspecting the Drill process with auditctl reveals that the Drill process user
(root) is accessing the files instead of impersonating user as one would expect
while using impersonation.
Attaching with java debugger also reveals that even though it's local file
system, Drill uses ```ProxyLocalFileSystem``` from hive-exec JAR in
```ImpersonationUtil.createFileSystem(...)```.
The question is, does Drill support RBAC on local file system? If so, what
could we be doing wrong?
was:
Hi,
we'd like to setup Drill to as SQL interface for files stored on local file
system (non HDFS) with multi user access - each user/group authorized to access
only selected tables/views.
*Environment:*
CentOS 6.7
{code:java}
[dataiku@quickstart apache-drill-1.16.0]$ lsb_release -a
LSB Version: :base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch
Distributor ID: CentOS
Description: CentOS release 6.7 (Final)
Release: 6.7
Codename: Final{code}
Apache Drill 1.16.0 with the following config (drill-override.conf, Drill
running as root user):
{code:java}
drill.exec: {
cluster-id: "unit8drill",
zk.connect: "localhost:2181",
impersonation: {
enabled: true,
},
security: {
auth.mechanisms : ["PLAIN"],
},
security.user.auth: {
enabled: true,
packages += "org.apache.drill.exec.rpc.user.security",
impl: "pam4j",
pam_profiles: [ "sudo", "login" ],
}
}
{code}
In order to achieve this we've configured Drill with plain PAM authentication +
impersonation following the docs:
[https://drill.apache.org/docs/configuring-plain-security/]
[https://drill.apache.org/docs/configuring-user-impersonation/]
We've ended up with the following ```drill-override.conf``` config:
{code:java}
drill.exec: {
cluster-id: "unit8drill",
zk.connect: "localhost:2181",
impersonation: {
enabled: true,
},
security: {
auth.mechanisms : ["PLAIN"],
},
security.user.auth: {
enabled: true,
packages += "org.apache.drill.exec.rpc.user.security",
impl: "pam4j",
pam_profiles: [ "sudo", "login" ],
}
}
{code}
The Drill process runs as root in order to have access to ```/etc/shadow``` etc.
Authentication works fine. We're able to use sqlline as well as Web UI in order
to run SQL queries. Also, users that are in the root group have access to
Storage, Threads and Logs tabs.
Unfortunately, all the users have access to all tables/directories/views,
regardless of the permissions set on the local file system. Furthermore,
inspecting the Drill process with auditctl reveals that the Drill process user
(root) is accessing the files instead of impersonating user as one would expect
while using impersonation.
Attaching with java debugger also reveals that even though it's local file
system, Drill uses ```ProxyLocalFileSystem``` from hive-exec JAR in
```ImpersonationUtil.createFileSystem(...)```.
The question is, does Drill support RBAC on local file system? If so, what
could we be doing wrong?
> Impersonation on local file system
> ----------------------------------
>
> Key: DRILL-7475
> URL: https://issues.apache.org/jira/browse/DRILL-7475
> Project: Apache Drill
> Issue Type: Bug
> Affects Versions: 1.16.0
> Reporter: Krzysztof Styrc
> Priority: Minor
>
> Hi,
> we'd like to setup Drill to as SQL interface for files stored on local file
> system (non HDFS) with multi user access - each user/group authorized to
> access only selected tables/views.
>
> *Environment:*
> CentOS 6.7
> {code:java}
> [dataiku@quickstart apache-drill-1.16.0]$ lsb_release -a
> LSB Version: :base-4.0-amd64:base-4.0-noarch:core-4.0-amd64:core-4.0-noarch
> Distributor ID: CentOS
> Description: CentOS release 6.7 (Final)
> Release: 6.7
> Codename: Final{code}
> Apache Drill 1.16.0 with the following config (drill-override.conf, Drill
> running as root user):
> {code:java}
> drill.exec: {
> cluster-id: "unit8drill",
> zk.connect: "localhost:2181",
> impersonation: {
> enabled: true,
> },
> security: {
> auth.mechanisms : ["PLAIN"],
> },
> security.user.auth: {
> enabled: true,
> packages += "org.apache.drill.exec.rpc.user.security",
> impl: "pam4j",
> pam_profiles: [ "sudo", "login" ],
> }
> }
> {code}
> Created a view on *local file system* (not HDFS) that is configured to be
> accessible only by bob user:
> {code:java}
> [xyz@quickstart views]$ ls -l
> total 4
> -rwx------ 1 bob bob 247 Dec 5 11:57 project_1_abc.view.drill
> {code}
>
> *Steps to reproduce:*
> Use sqlline to query project_1_abc view as alice user:
> {code:java}
> apache drill> select count(*) from dfs.views.project_1_abc;
> +--------+
> | EXPR$0 |
> +--------+
> | 418 |
> +--------+
> 1 row selected (0.461 seconds)
> {code}
> *Expected result:*
> Querying project_1_abc view as user alice should throw an error, as only bob
> user has access to this view.
>
> In order to achieve this we've configured Drill with plain PAM authentication
> + impersonation following the docs:
> [https://drill.apache.org/docs/configuring-plain-security/]
> [https://drill.apache.org/docs/configuring-user-impersonation/]
> We've ended up with the following ```drill-override.conf``` config:
> {code:java}
> drill.exec: {
> cluster-id: "unit8drill",
> zk.connect: "localhost:2181",
> impersonation: {
> enabled: true,
> },
> security: {
> auth.mechanisms : ["PLAIN"],
> },
> security.user.auth: {
> enabled: true,
> packages += "org.apache.drill.exec.rpc.user.security",
> impl: "pam4j",
> pam_profiles: [ "sudo", "login" ],
> }
> }
> {code}
> The Drill process runs as root in order to have access to ```/etc/shadow```
> etc.
>
> Authentication works fine. We're able to use sqlline as well as Web UI in
> order to run SQL queries. Also, users that are in the root group have access
> to Storage, Threads and Logs tabs.
>
> Unfortunately, all the users have access to all tables/directories/views,
> regardless of the permissions set on the local file system. Furthermore,
> inspecting the Drill process with auditctl reveals that the Drill process
> user (root) is accessing the files instead of impersonating user as one would
> expect while using impersonation.
>
> Attaching with java debugger also reveals that even though it's local file
> system, Drill uses ```ProxyLocalFileSystem``` from hive-exec JAR in
> ```ImpersonationUtil.createFileSystem(...)```.
>
> The question is, does Drill support RBAC on local file system? If so, what
> could we be doing wrong?
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
