[jira] [Commented] (HIVE-11481) hive incorrectly set extended ACLs for unnamed group for new databases/tables with inheritPerms enabled

Tue, 10 Nov 2015 12:35:00 -0800 

    [ 
https://issues.apache.org/jira/browse/HIVE-11481?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14999302#comment-14999302
 ] 

Szehon Ho commented on HIVE-11481:
----------------------------------

Thanks for the patch Carita.  I am having some trouble how the patch solves the 
issue, it seems it is setting only the default ACL's on the target if there are 
any, and falls back to the old way if there are not?

> hive incorrectly set extended ACLs for unnamed group for new databases/tables 
> with inheritPerms enabled
> -------------------------------------------------------------------------------------------------------
>
>                 Key: HIVE-11481
>                 URL: https://issues.apache.org/jira/browse/HIVE-11481
>             Project: Hive
>          Issue Type: Bug
>          Components: Metastore
>    Affects Versions: 0.14.0, 1.0.0, 1.2.0, 1.1.0, 1.2.1
>            Reporter: Carita Ou
>            Assignee: Carita Ou
>            Priority: Minor
>         Attachments: HIVE-11481.1.patch, HIVE-11481.2.patch
>
>
> $ hadoop fs -chmod 700 /user/hive/warehouse
> $ hadoop fs -setfacl -m user:user1:rwx /user/hive/warehouse
> $ hadoop fs -setfacl -m default:user::rwx /user/hive/warehouse
> $ hadoop fs -ls /user/hive
> Found 1 items
> drwxrwx---+  - hive hadoop          0 2015-08-05 10:29 /user/hive/warehouse
> $ hadoop fs -getfacl /user/hive/warehouse
> # file: /user/hive/warehouse
> # owner: hive
> # group: hadoop
> user::rwx
> user:user1:rwx
> group::---
> mask::rwx
> other::---
> default:user::rwx
> default:group::---
> default:other::---
> In hive cli> create database testing;
> $ hadoop fs -ls /user/hive/warehouse
> Found 1 items
> drwxrwx---+  - hive hadoop          0 2015-08-05 10:44 
> /user/hive/warehouse/testing.db
> $hadoop fs -getfacl /user/hive/warehouse/testing.db
> # file: /user/hive/warehouse/testing.db
> # owner: hive
> # group: hadoop
> user::rwx
> user:user1:rwx
> group::rwx
> mask::rwx
> other::---
> default:user::rwx
> default:group::---
> default:other::---
> Since the warehouse directory has default group permission set to ---, the 
> group permissions for testing.db should also be ---
> The warehouse directory permissions show drwxrwx---+ which corresponds to 
> user:mask:other. The subdirectory group ACL is set by calling 
> FsPermission.getGroupAction() from Hadoop, which retrieves the file status 
> permission rwx instead of the actual ACL permission, which is ---. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to