[jira] [Updated] (SPARK-22506) Spark thrift server can not impersonate user in kerberos

Mon, 13 Nov 2017 03:25:15 -0800 

     [ 
https://issues.apache.org/jira/browse/SPARK-22506?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

sydt updated SPARK-22506:
-------------------------
    Description: 
Spark thrift server can not impersonate user in kerberos environment.
I launch spark thrift server by user hive ,which is allowed to impersonate 
other user.
User* jt_jzyx_project7* submit sql statement to query its own table located in 
hdfs catalog: /user/jt_jzyx_project7, and happened errors:
Permission denied: *user=hive*, access=EXECUTE, 
inode=*"/user/jt_jzyx_project7*":hdfs:jt_jzyx_project7:drwxrwx---:user:g_dcpt_project1:rwx,group::rwx
obviously, spark thrift server didn't proxy user: jt_jzyx_project7 .
And this happened task stage, which means it pass the hive authorization.
!screenshot-1.png!





  was:
Spark thrift server can not impersonate user in kerberos environment.
I launch spark thrift server by user hive ,which is allowed to impersonate 
other user.
User *jt_jzyx_project*7 submit sql statement to query its own table located in 
hdfs catalog: /user/jt_jzyx_project7, and happened errors:
Permission denied: *user=hive*, access=EXECUTE, 
inode=*"/user/jt_jzyx_project7*":hdfs:jt_jzyx_project7:drwxrwx---:user:g_dcpt_project1:rwx,group::rwx
obviously, spark thrift server didn't proxy user: jt_jzyx_project7 .
And this happened task stage, which means it pass the hive authorization.
!screenshot-1.png!






> Spark thrift server can not impersonate user in kerberos 
> ---------------------------------------------------------
>
>                 Key: SPARK-22506
>                 URL: https://issues.apache.org/jira/browse/SPARK-22506
>             Project: Spark
>          Issue Type: Improvement
>          Components: Deploy
>    Affects Versions: 2.2.0
>            Reporter: sydt
>         Attachments: screenshot-1.png
>
>
> Spark thrift server can not impersonate user in kerberos environment.
> I launch spark thrift server by user hive ,which is allowed to impersonate 
> other user.
> User* jt_jzyx_project7* submit sql statement to query its own table located 
> in hdfs catalog: /user/jt_jzyx_project7, and happened errors:
> Permission denied: *user=hive*, access=EXECUTE, 
> inode=*"/user/jt_jzyx_project7*":hdfs:jt_jzyx_project7:drwxrwx---:user:g_dcpt_project1:rwx,group::rwx
> obviously, spark thrift server didn't proxy user: jt_jzyx_project7 .
> And this happened task stage, which means it pass the hive authorization.
> !screenshot-1.png!



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to