[ https://issues.apache.org/jira/browse/HIVE-18381?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16312602#comment-16312602 ]
youchuikai commented on HIVE-18381: ----------------------------------- *fix this bug.* {code:java} Index: src/main/java/org/apache/hadoop/hive/metastore/Warehouse.java IDEA additional info: Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP <+>UTF-8 =================================================================== --- src/main/java/org/apache/hadoop/hive/metastore/Warehouse.java (date 1515137061000) +++ src/main/java/org/apache/hadoop/hive/metastore/Warehouse.java (date 1515137079737) @@ -43,6 +43,8 @@ import org.apache.hadoop.fs.FileStatus; import org.apache.hadoop.fs.FileSystem; import org.apache.hadoop.fs.Path; +import org.apache.hadoop.fs.permission.AclEntry; +import org.apache.hadoop.fs.permission.AclStatus; import org.apache.hadoop.fs.permission.FsAction; import org.apache.hadoop.hive.common.FileUtils; import org.apache.hadoop.hive.common.HiveStatsUtils; @@ -250,8 +252,10 @@ return false; } final FileStatus stat; + final AclStatus aclStas; try { stat = getFs(path).getFileStatus(path); + aclStas = getFs(path).getAclStatus(path); } catch (FileNotFoundException fnfe){ // File named by path doesn't exist; nothing to validate. return true; 
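Review bot: The added `getFs(path).getAclStatus(path)` call shares the `try` with `getFileStatus`, and the only handler visible in this hunk is for `FileNotFoundException`, so a file system without ACL support would now fail the whole writability check instead of falling back to the permission bits. Hadoop's base `FileSystem.getAclStatus` throws `UnsupportedOperationException`, and HDFS may also reject the call when ACL support is disabled on the NameNode (worth confirming for the target version). I would fetch the ACL in its own `try`, treat those failures as "no extended entries", and let the existing owner/group/other checks decide. The variable would read better as `aclStatus`, and `getFs(path)` could be resolved once and reused. The method starts and ends outside this hunk, so handlers I cannot see may already cover part of this.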
@@ -266,23 +270,38 @@ } catch (LoginException le) { throw new IOException(le); } - String user = ugi.getShortUserName(); + String user = ugi.getShortUserName(); // kaikai + String[] groups = ugi.getGroupNames(); // groups 获取的是metastore的组用户信息。 //check whether owner can delete if (stat.getOwner().equals(user) && stat.getPermission().getUserAction().implies(FsAction.WRITE)) { return true; } + //check whether group of the user can delete if (stat.getPermission().getGroupAction().implies(FsAction.WRITE)) { - String[] groups = ugi.getGroupNames(); if (ArrayUtils.contains(groups, stat.getGroup())) { return true; } } + //check whether others can delete (uncommon case!!) if (stat.getPermission().getOtherAction().implies(FsAction.WRITE)) { return true; } + + // add extra + List<AclEntry> list = aclStas.getEntries(); + for (AclEntry aclEntry : list){ + if (aclEntry.getScope().toString() != "DEFAULT" && aclEntry.getPermission().implies(FsAction.WRITE) && aclEntry.getName() != "null"){ + if (aclEntry.getType().toString() == "USER" && aclEntry.getName().equals(user)){ + LOG.info("acl user is" + aclEntry.getName() + ";" + "hive cli user is " + user); + return true; + } else if (aclEntry.getType().toString() == "GROUP" && ArrayUtils.contains(groups, aclEntry.getName())){ + return true; + } + } + } return false; } /* {code} > Drop table operation isn't consider that hdfs acl privilege of the table > location parent path > ----------------------------------------------------------------------------------------------- > > Key: HIVE-18381 > URL: https://issues.apache.org/jira/browse/HIVE-18381 > Project: Hive > Issue Type: Bug > Components: Hive > Affects Versions: 1.1.0 > Environment: hive-1.1.0-cdh5.8.4 > Reporter: youchuikai > Assignee: youchuikai > > {code:sql} > // the push user belong to the test_rw group > hive> dfs -getfacl /user/hive/warehouse1/test1.db; > # file: /user/hive/warehouse1/test1.db > # owner: root > # group: hive > user::rwx > group::rwx > group:test_r:r-x > 
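Review bot: The new ACL loop grants write access from each entry's raw permission without applying the ACL mask, so a named user or group whose `rwx` entry is cut down by a `mask::r-x` would pass this check even though HDFS would deny the write. The string tests are also fragile: `!= "DEFAULT"`, `== "USER"` and `== "GROUP"` compare references rather than values, and `getName() != "null"` filters nothing, because an unnamed entry carries a null name rather than the text "null" (inferred from Hadoop's `AclEntry` API). Comparing the enums directly (`AclEntryScope.ACCESS`, `AclEntryType.USER`, `AclEntryType.GROUP`, which need imports) and intersecting each entry with the mask addresses both; the fence sketches this, assuming HDFS semantics where the group bits of the file mode hold the mask once an extended ACL exists. The `// kaikai` marker and the `LOG.info` on only the user branch look like debugging leftovers. The enclosing method starts outside this hunk.

```java
// … unchanged: owner, group and other permission-bit checks …

// Assumes HDFS semantics: with an extended ACL, the mode's group bits are the mask.
FsAction mask = stat.getPermission().getGroupAction();
for (AclEntry aclEntry : aclStas.getEntries()) {
  // Default-scope entries only seed children; unnamed entries have a null name.
  if (aclEntry.getScope() != AclEntryScope.ACCESS || aclEntry.getName() == null) {
    continue;
  }
  // Effective permission is the entry permission filtered by the mask.
  if (!aclEntry.getPermission().and(mask).implies(FsAction.WRITE)) {
    continue;
  }
  if (aclEntry.getType() == AclEntryType.USER && aclEntry.getName().equals(user)) {
    return true;
  }
  if (aclEntry.getType() == AclEntryType.GROUP
      && ArrayUtils.contains(groups, aclEntry.getName())) {
    return true;
  }
}
return false;
```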
group:test_rw:rwx > mask::rwx > other::--- > default:user::rwx > default:group::rwx > default:group:test_r:r-x > default:group:test_rw:rwx > default:mask::rwx > default:other::--- > hive> drop table test1.youck_66; > FAILED: Execution Error, return code 1 from > org.apache.hadoop.hive.ql.exec.DDLTask. MetaException(message:Table metadata > not deleted since hdfs://nameservice-test1/user/hive/warehouse1/test1.db is > not writable by push) > {code} -- This message was sent by Atlassian JIRA (v6.4.14#64029)