[
https://issues.apache.org/jira/browse/HIVE-18381?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16312602#comment-16312602
]
youchuikai commented on HIVE-18381:
-----------------------------------
*fix this bug.*
{code:java}
Index: src/main/java/org/apache/hadoop/hive/metastore/Warehouse.java
IDEA additional info:
Subsystem: com.intellij.openapi.diff.impl.patch.CharsetEP
<+>UTF-8
===================================================================
--- src/main/java/org/apache/hadoop/hive/metastore/Warehouse.java (date
1515137061000)
+++ src/main/java/org/apache/hadoop/hive/metastore/Warehouse.java (date
1515137079737)
@@ -43,6 +43,8 @@
import org.apache.hadoop.fs.FileStatus;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
+import org.apache.hadoop.fs.permission.AclEntry;
+import org.apache.hadoop.fs.permission.AclStatus;
import org.apache.hadoop.fs.permission.FsAction;
import org.apache.hadoop.hive.common.FileUtils;
import org.apache.hadoop.hive.common.HiveStatsUtils;
@@ -250,8 +252,10 @@
return false;
}
final FileStatus stat;
+ final AclStatus aclStas;
try {
stat = getFs(path).getFileStatus(path);
+ aclStas = getFs(path).getAclStatus(path);
} catch (FileNotFoundException fnfe){
// File named by path doesn't exist; nothing to validate.
return true;
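Review bot: The added `getFs(path).getAclStatus(path)` call runs unconditionally in the same try block as `getFileStatus`, so a file system that does not implement ACLs will now fail this check instead of falling back to the permission bits. The base `FileSystem.getAclStatus` throws `UnsupportedOperationException`, and HDFS is expected to reject the call with an IOException when ACL support is switched off on the NameNode. I would fetch the ACL in its own try block after `getFileStatus` succeeds and treat those cases as "no ACL entries", for example `catch (UnsupportedOperationException e) { /* no ACL support: use permission bits only */ }`, with the later loop skipped when no status was obtained. The variable name `aclStas` also looks like a typo for `aclStatus`. The enclosing method starts above this hunk and its remaining catch clauses are outside it.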
@@ -266,23 +270,38 @@
} catch (LoginException le) {
throw new IOException(le);
}
- String user = ugi.getShortUserName();
+ String user = ugi.getShortUserName(); // kaikai
+ String[] groups = ugi.getGroupNames(); // groups 获取的是metastore的组用户信息。
//check whether owner can delete
if (stat.getOwner().equals(user) &&
stat.getPermission().getUserAction().implies(FsAction.WRITE)) {
return true;
}
+
//check whether group of the user can delete
if (stat.getPermission().getGroupAction().implies(FsAction.WRITE)) {
- String[] groups = ugi.getGroupNames();
if (ArrayUtils.contains(groups, stat.getGroup())) {
return true;
}
}
+
//check whether others can delete (uncommon case!!)
if (stat.getPermission().getOtherAction().implies(FsAction.WRITE)) {
return true;
}
+
+ // add extra
+ List<AclEntry> list = aclStas.getEntries();
+ for (AclEntry aclEntry : list){
+ if (aclEntry.getScope().toString() != "DEFAULT" &&
aclEntry.getPermission().implies(FsAction.WRITE) && aclEntry.getName() !=
"null"){
+ if (aclEntry.getType().toString() == "USER" &&
aclEntry.getName().equals(user)){
+ LOG.info("acl user is" + aclEntry.getName() + ";" + "hive
cli user is " + user);
+ return true;
+ } else if (aclEntry.getType().toString() == "GROUP" &&
ArrayUtils.contains(groups, aclEntry.getName())){
+ return true;
+ }
+ }
+ }
return false;
}
/*
{code}
> Drop table operation isn't consider that hdfs acl privilege of the table
> location parent path
> -----------------------------------------------------------------------------------------------
>
> Key: HIVE-18381
> URL: https://issues.apache.org/jira/browse/HIVE-18381
> Project: Hive
> Issue Type: Bug
> Components: Hive
> Affects Versions: 1.1.0
> Environment: hive-1.1.0-cdh5.8.4
> Reporter: youchuikai
> Assignee: youchuikai
>
> {code:sql}
> // the push user belongs to the test_rw group
> hive> dfs -getfacl /user/hive/warehouse1/test1.db;
> # file: /user/hive/warehouse1/test1.db
> # owner: root
> # group: hive
> user::rwx
> group::rwx
> group:test_r:r-x
> group:test_rw:rwx
> mask::rwx
> other::---
> default:user::rwx
> default:group::rwx
> default:group:test_r:r-x
> default:group:test_rw:rwx
> default:mask::rwx
> default:other::---
> hive> drop table test1.youck_66;
> FAILED: Execution Error, return code 1 from
> org.apache.hadoop.hive.ql.exec.DDLTask. MetaException(message:Table metadata
> not deleted since hdfs://nameservice-test1/user/hive/warehouse1/test1.db is
> not writable by push)
> {code}