[ https://issues.apache.org/jira/browse/HIVE-12231?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14969642#comment-14969642 ]
Thejas M Nair commented on HIVE-12231:
--------------------------------------
[~sjtufighter] Thanks for looking into this.
However, the idea behind StorageBasedAuthorization is to control/limit what the
user can do to metadata, based on the permissions the user has on the storage
(file system).
Checking for permissions on the warehouse base directory helps to restrict the
set of people who can create new databases.
This is similar to other checks; here are some examples:
# For creation of a table, the db dir permissions would be checked, even if
the table being created is an external table.
# For creation of a partition in a table, the table dir permission is checked
even if the new partition has a location outside the table directory.
This patch would take away an access control that is enforced by
StorageBasedAuthorization.
> StorageBasedAuthorization requires write permission of default Warehouse when
> create external database
> ------------------------------------------------------------------------------------------------------
>
> Key: HIVE-12231
> URL: https://issues.apache.org/jira/browse/HIVE-12231
> Project: Hive
> Issue Type: Bug
> Affects Versions: 1.2.1
> Reporter: WangMeng
> Assignee: WangMeng
> Attachments: HIVE-12231.01.patch
>
>
> Please look at the stacktrace. With StorageBasedAuthorization enabled, I set an
> external location to create a database. However, it will also check the write
> permission of the default warehouse "/user/hive/warehouse":
> > CREATE DATABASE test LOCATION '/tmp/wangmeng/test' ;
> Error: Error while compiling statement: FAILED: HiveException
> java.security.AccessControlException: Permission denied: user=wangmeng,
> access=WRITE, inode="/user/hive/warehouse":hive:hive:drwxr-x--t
>     at org.apache.hadoop.hdfs.server.namenode.DefaultAuthorizationProvider.checkFsPermission(DefaultAuthorizationProvider.java:255)
>     at org.apache.hadoop.hdfs.server.namenode.DefaultAuthorizationProvider.check(DefaultAuthorizationProvider.java:236)
>     at org.apache.hadoop.hdfs.server.namenode.DefaultAuthorizationProvider.checkPermission(DefaultAuthorizationProvider.java:151)