[jira] [Commented] (HIVE-5400) Allow admins to disable compile and other commands
[ https://issues.apache.org/jira/browse/HIVE-5400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13888615#comment-13888615 ] Lefty Leverenz commented on HIVE-5400: -- Documented hive.conf.restricted.list and put it in a new section with hive.security.command.whitelist: * [Authentication/Authorization: Restricted List and Whitelist |https://cwiki.apache.org/confluence/display/Hive/Configuration+Properties#ConfigurationProperties-RestrictedListandWhitelist] Allow admins to disable compile and other commands -- Key: HIVE-5400 URL: https://issues.apache.org/jira/browse/HIVE-5400 Project: Hive Issue Type: Sub-task Reporter: Brock Noland Assignee: Brock Noland Fix For: 0.13.0 Attachments: HIVE-5400.patch, HIVE-5400.patch, HIVE-5400.patch From here: https://issues.apache.org/jira/browse/HIVE-5253?focusedCommentId=13782220page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13782220 I think we should afford admins who want to disable this functionality the ability to do so. Since such admins might want to disable other commands such as add or dfs, it wouldn't be much trouble to allow them to do this as well. For example we could have a configuration option hive.available.commands (or similar) which specified add,set,delete,reset, etc by default. Then check this value in CommandProcessorFactory. It would probably make sense to add this property to the restrict list. -- This message was sent by Atlassian JIRA (v6.1.5#6160)
[jira] [Commented] (HIVE-5400) Allow admins to disable compile and other commands
[ https://issues.apache.org/jira/browse/HIVE-5400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13831588#comment-13831588 ] Brock Noland commented on HIVE-5400: Nice. I have always had trouble with that word. I created https://issues.apache.org/jira/browse/HIVE-5879 for that. Allow admins to disable compile and other commands -- Key: HIVE-5400 URL: https://issues.apache.org/jira/browse/HIVE-5400 Project: Hive Issue Type: Sub-task Reporter: Brock Noland Assignee: Brock Noland Fix For: 0.13.0 Attachments: HIVE-5400.patch, HIVE-5400.patch, HIVE-5400.patch From here: https://issues.apache.org/jira/browse/HIVE-5253?focusedCommentId=13782220page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13782220 I think we should afford admins who want to disable this functionality the ability to do so. Since such admins might want to disable other commands such as add or dfs, it wouldn't be much trouble to allow them to do this as well. For example we could have a configuration option hive.available.commands (or similar) which specified add,set,delete,reset, etc by default. Then check this value in CommandProcessorFactory. It would probably make sense to add this property to the restrict list. -- This message was sent by Atlassian JIRA (v6.1#6144)
[jira] [Commented] (HIVE-5400) Allow admins to disable compile and other commands
[ https://issues.apache.org/jira/browse/HIVE-5400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13831930#comment-13831930 ] Thejas M Nair commented on HIVE-5400: - bq. but hive.conf.restricted.list is not documented in the wiki. bq. Should it be in the wiki? Yes bq. If so, which release added it? hive 0.11 . (patch HIVE-2935) Allow admins to disable compile and other commands -- Key: HIVE-5400 URL: https://issues.apache.org/jira/browse/HIVE-5400 Project: Hive Issue Type: Sub-task Reporter: Brock Noland Assignee: Brock Noland Fix For: 0.13.0 Attachments: HIVE-5400.patch, HIVE-5400.patch, HIVE-5400.patch From here: https://issues.apache.org/jira/browse/HIVE-5253?focusedCommentId=13782220page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13782220 I think we should afford admins who want to disable this functionality the ability to do so. Since such admins might want to disable other commands such as add or dfs, it wouldn't be much trouble to allow them to do this as well. For example we could have a configuration option hive.available.commands (or similar) which specified add,set,delete,reset, etc by default. Then check this value in CommandProcessorFactory. It would probably make sense to add this property to the restrict list. -- This message was sent by Atlassian JIRA (v6.1#6144)
[jira] [Commented] (HIVE-5400) Allow admins to disable compile and other commands
[ https://issues.apache.org/jira/browse/HIVE-5400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13830619#comment-13830619 ] Lefty Leverenz commented on HIVE-5400: -- Added this at the end of the [Hive Client Security|https://cwiki.apache.org/confluence/display/Hive/Configuration+Properties#ConfigurationProperties-HiveClientSecurity] section: hive.security.command.whitelist * Default Value: set,reset,dfs,add,delete * Added In: Hive 0.13.0 with HIVE-5400 Comma separated list of non-SQL Hive commands that users are authorized to execute. This can be used to restrict the set of authorized commands. The currently supported command list is set,reset,dfs,add,delete and by default all these commands are authorized. To restrict any of these commands, set hive.security.command.whitelist to a value that does not have the command in it. Allow admins to disable compile and other commands -- Key: HIVE-5400 URL: https://issues.apache.org/jira/browse/HIVE-5400 Project: Hive Issue Type: Sub-task Reporter: Brock Noland Assignee: Brock Noland Fix For: 0.13.0 Attachments: HIVE-5400.patch, HIVE-5400.patch, HIVE-5400.patch From here: https://issues.apache.org/jira/browse/HIVE-5253?focusedCommentId=13782220page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13782220 I think we should afford admins who want to disable this functionality the ability to do so. Since such admins might want to disable other commands such as add or dfs, it wouldn't be much trouble to allow them to do this as well. For example we could have a configuration option hive.available.commands (or similar) which specified add,set,delete,reset, etc by default. Then check this value in CommandProcessorFactory. It would probably make sense to add this property to the restrict list. -- This message was sent by Atlassian JIRA (v6.1#6144)
[jira] [Commented] (HIVE-5400) Allow admins to disable compile and other commands
[
https://issues.apache.org/jira/browse/HIVE-5400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13830626#comment-13830626
]
Lefty Leverenz commented on HIVE-5400:
--
The patch adds {{hive.security.command.whitelist}}
{{hive.conf.restricted.list}} to hive-default.xml.template, but
{{hive.conf.restricted.list}} is not documented in the wiki.
* Should it be in the wiki?
* If so, which release added it?
_Trivia:_ both descriptions spell separated wrong (seperated):
property
+ namehive.security.command.whitelist/name
+ valueset,reset,dfs,add,delete/value
+ descriptionComma seperated list of non-SQL Hive commands users are
authorized to execute/description
+/property
+
+property
+ namehive.conf.restricted.list/name
+ value/value
+ descriptionComma seperated list of configuration options which are
immutable at runtime/description
+/property
Allow admins to disable compile and other commands
--
Key: HIVE-5400
URL: https://issues.apache.org/jira/browse/HIVE-5400
Project: Hive
Issue Type: Sub-task
Reporter: Brock Noland
Assignee: Brock Noland
Fix For: 0.13.0
Attachments: HIVE-5400.patch, HIVE-5400.patch, HIVE-5400.patch
From here:
https://issues.apache.org/jira/browse/HIVE-5253?focusedCommentId=13782220page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13782220
I think we should afford admins who want to disable this functionality the
ability to do so. Since such admins might want to disable other commands such
as add or dfs, it wouldn't be much trouble to allow them to do this as well.
For example we could have a configuration option hive.available.commands
(or similar) which specified add,set,delete,reset, etc by default. Then check
this value in CommandProcessorFactory. It would probably make sense to add
this property to the restrict list.
--
This message was sent by Atlassian JIRA
(v6.1#6144)
[jira] [Commented] (HIVE-5400) Allow admins to disable compile and other commands
[ https://issues.apache.org/jira/browse/HIVE-5400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13825887#comment-13825887 ] Thejas M Nair commented on HIVE-5400: - [~le...@hortonworks.com] Yes, that section sounds good. It belongs to the subsection Hive Client Security. Thanks for updating the docs! Allow admins to disable compile and other commands -- Key: HIVE-5400 URL: https://issues.apache.org/jira/browse/HIVE-5400 Project: Hive Issue Type: Sub-task Reporter: Brock Noland Assignee: Brock Noland Fix For: 0.13.0 Attachments: HIVE-5400.patch, HIVE-5400.patch, HIVE-5400.patch From here: https://issues.apache.org/jira/browse/HIVE-5253?focusedCommentId=13782220page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13782220 I think we should afford admins who want to disable this functionality the ability to do so. Since such admins might want to disable other commands such as add or dfs, it wouldn't be much trouble to allow them to do this as well. For example we could have a configuration option hive.available.commands (or similar) which specified add,set,delete,reset, etc by default. Then check this value in CommandProcessorFactory. It would probably make sense to add this property to the restrict list. -- This message was sent by Atlassian JIRA (v6.1#6144)
[jira] [Commented] (HIVE-5400) Allow admins to disable compile and other commands
[ https://issues.apache.org/jira/browse/HIVE-5400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13822159#comment-13822159 ] Lefty Leverenz commented on HIVE-5400: -- Got it, thanks [~thejas]. I'll add hive.security.command.whitelist to the Configuration Properties doc in the [Authentication/Authorization|https://cwiki.apache.org/confluence/display/Hive/Configuration+Properties#ConfigurationProperties-Authentication%2FAuthorization] section. Does it belong in the subsection Hive Client Security or does it also apply to metastore security (in which case it could have a new subsection, perhaps at the beginning of Authentication/Authorization)? Allow admins to disable compile and other commands -- Key: HIVE-5400 URL: https://issues.apache.org/jira/browse/HIVE-5400 Project: Hive Issue Type: Sub-task Reporter: Brock Noland Assignee: Brock Noland Fix For: 0.13.0 Attachments: HIVE-5400.patch, HIVE-5400.patch, HIVE-5400.patch From here: https://issues.apache.org/jira/browse/HIVE-5253?focusedCommentId=13782220page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13782220 I think we should afford admins who want to disable this functionality the ability to do so. Since such admins might want to disable other commands such as add or dfs, it wouldn't be much trouble to allow them to do this as well. For example we could have a configuration option hive.available.commands (or similar) which specified add,set,delete,reset, etc by default. Then check this value in CommandProcessorFactory. It would probably make sense to add this property to the restrict list. -- This message was sent by Atlassian JIRA (v6.1#6144)
[jira] [Commented] (HIVE-5400) Allow admins to disable compile and other commands
[
https://issues.apache.org/jira/browse/HIVE-5400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13785019#comment-13785019
]
Hive QA commented on HIVE-5400:
---
{color:green}Overall{color}: +1 all checks pass
Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12606456/HIVE-5400.patch
{color:green}SUCCESS:{color} +1 4046 tests passed
Test results: https://builds.apache.org/job/PreCommit-HIVE-Build/1008/testReport
Console output: https://builds.apache.org/job/PreCommit-HIVE-Build/1008/console
Messages:
{noformat}
Executing org.apache.hive.ptest.execution.PrepPhase
Executing org.apache.hive.ptest.execution.ExecutionPhase
Executing org.apache.hive.ptest.execution.ReportingPhase
{noformat}
This message is automatically generated.
Allow admins to disable compile and other commands
--
Key: HIVE-5400
URL: https://issues.apache.org/jira/browse/HIVE-5400
Project: Hive
Issue Type: Sub-task
Reporter: Brock Noland
Assignee: Edward Capriolo
Attachments: HIVE-5400.patch, HIVE-5400.patch, HIVE-5400.patch
From here:
https://issues.apache.org/jira/browse/HIVE-5253?focusedCommentId=13782220page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13782220
I think we should afford admins who want to disable this functionality the
ability to do so. Since such admins might want to disable other commands such
as add or dfs, it wouldn't be much trouble to allow them to do this as well.
For example we could have a configuration option hive.available.commands
(or similar) which specified add,set,delete,reset, etc by default. Then check
this value in CommandProcessorFactory. It would probably make sense to add
this property to the restrict list.
--
This message was sent by Atlassian JIRA
(v6.1#6144)
[jira] [Commented] (HIVE-5400) Allow admins to disable compile and other commands
[
https://issues.apache.org/jira/browse/HIVE-5400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13783893#comment-13783893
]
Edward Capriolo commented on HIVE-5400:
---
Well lets do this. Lets extend the Command interface class.
{code}
interface Command {
public ListString provides = { set, bla , bla }
}
{code}
Then lets let the CommandProcessorFactory look a the users session state, the
hive conf, and determine to give back a command or throw an exception.
This maye be harder then it sounds but it feels like a clean way to do it. This
allows us to plug in new commands without much hassle.
Allow admins to disable compile and other commands
--
Key: HIVE-5400
URL: https://issues.apache.org/jira/browse/HIVE-5400
Project: Hive
Issue Type: Sub-task
Reporter: Brock Noland
Assignee: Edward Capriolo
Attachments: HIVE-5400.patch
From here:
https://issues.apache.org/jira/browse/HIVE-5253?focusedCommentId=13782220page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13782220
I think we should afford admins who want to disable this functionality the
ability to do so. Since such admins might want to disable other commands such
as add or dfs, it wouldn't be much trouble to allow them to do this as well.
For example we could have a configuration option hive.available.commands
(or similar) which specified add,set,delete,reset, etc by default. Then check
this value in CommandProcessorFactory. It would probably make sense to add
this property to the restrict list.
--
This message was sent by Atlassian JIRA
(v6.1#6144)
[jira] [Commented] (HIVE-5400) Allow admins to disable compile and other commands
[ https://issues.apache.org/jira/browse/HIVE-5400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13784225#comment-13784225 ] Brock Noland commented on HIVE-5400: Hey, Yep, I had a patch in progress when you commented. :) It's slightly different than the suggestion but achieves the same result: Adding commands will be easier since single switch board is used and a test will fail if a command is added but either hive.available.commands isn't updated or the switch board isn't updated. The new patch works for all execution methods and removes the independent switchboard logic from HS2. Allow admins to disable compile and other commands -- Key: HIVE-5400 URL: https://issues.apache.org/jira/browse/HIVE-5400 Project: Hive Issue Type: Sub-task Reporter: Brock Noland Assignee: Edward Capriolo Attachments: HIVE-5400.patch, HIVE-5400.patch From here: https://issues.apache.org/jira/browse/HIVE-5253?focusedCommentId=13782220page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13782220 I think we should afford admins who want to disable this functionality the ability to do so. Since such admins might want to disable other commands such as add or dfs, it wouldn't be much trouble to allow them to do this as well. For example we could have a configuration option hive.available.commands (or similar) which specified add,set,delete,reset, etc by default. Then check this value in CommandProcessorFactory. It would probably make sense to add this property to the restrict list. -- This message was sent by Atlassian JIRA (v6.1#6144)
[jira] [Commented] (HIVE-5400) Allow admins to disable compile and other commands
[ https://issues.apache.org/jira/browse/HIVE-5400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13784351#comment-13784351 ] Edward Capriolo commented on HIVE-5400: --- I will look at this later tonight. Allow admins to disable compile and other commands -- Key: HIVE-5400 URL: https://issues.apache.org/jira/browse/HIVE-5400 Project: Hive Issue Type: Sub-task Reporter: Brock Noland Assignee: Edward Capriolo Attachments: HIVE-5400.patch, HIVE-5400.patch From here: https://issues.apache.org/jira/browse/HIVE-5253?focusedCommentId=13782220page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13782220 I think we should afford admins who want to disable this functionality the ability to do so. Since such admins might want to disable other commands such as add or dfs, it wouldn't be much trouble to allow them to do this as well. For example we could have a configuration option hive.available.commands (or similar) which specified add,set,delete,reset, etc by default. Then check this value in CommandProcessorFactory. It would probably make sense to add this property to the restrict list. -- This message was sent by Atlassian JIRA (v6.1#6144)
[jira] [Commented] (HIVE-5400) Allow admins to disable compile and other commands
[ https://issues.apache.org/jira/browse/HIVE-5400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13784653#comment-13784653 ] Edward Capriolo commented on HIVE-5400: --- Question. Would we be better or returning CommandProcessorResponse's or throwing a new type of exception? I am struggling to rationalize SQLExceptions thrown from this part of hive code. Allow admins to disable compile and other commands -- Key: HIVE-5400 URL: https://issues.apache.org/jira/browse/HIVE-5400 Project: Hive Issue Type: Sub-task Reporter: Brock Noland Assignee: Edward Capriolo Attachments: HIVE-5400.patch, HIVE-5400.patch, HIVE-5400.patch From here: https://issues.apache.org/jira/browse/HIVE-5253?focusedCommentId=13782220page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13782220 I think we should afford admins who want to disable this functionality the ability to do so. Since such admins might want to disable other commands such as add or dfs, it wouldn't be much trouble to allow them to do this as well. For example we could have a configuration option hive.available.commands (or similar) which specified add,set,delete,reset, etc by default. Then check this value in CommandProcessorFactory. It would probably make sense to add this property to the restrict list. -- This message was sent by Atlassian JIRA (v6.1#6144)
[jira] [Commented] (HIVE-5400) Allow admins to disable compile and other commands
[
https://issues.apache.org/jira/browse/HIVE-5400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13784657#comment-13784657
]
Hive QA commented on HIVE-5400:
---
{color:green}Overall{color}: +1 all checks pass
Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/12606456/HIVE-5400.patch
{color:green}SUCCESS:{color} +1 4046 tests passed
Test results: https://builds.apache.org/job/PreCommit-HIVE-Build/1001/testReport
Console output: https://builds.apache.org/job/PreCommit-HIVE-Build/1001/console
Messages:
{noformat}
Executing org.apache.hive.ptest.execution.PrepPhase
Executing org.apache.hive.ptest.execution.ExecutionPhase
Executing org.apache.hive.ptest.execution.ReportingPhase
{noformat}
This message is automatically generated.
Allow admins to disable compile and other commands
--
Key: HIVE-5400
URL: https://issues.apache.org/jira/browse/HIVE-5400
Project: Hive
Issue Type: Sub-task
Reporter: Brock Noland
Assignee: Edward Capriolo
Attachments: HIVE-5400.patch, HIVE-5400.patch, HIVE-5400.patch
From here:
https://issues.apache.org/jira/browse/HIVE-5253?focusedCommentId=13782220page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13782220
I think we should afford admins who want to disable this functionality the
ability to do so. Since such admins might want to disable other commands such
as add or dfs, it wouldn't be much trouble to allow them to do this as well.
For example we could have a configuration option hive.available.commands
(or similar) which specified add,set,delete,reset, etc by default. Then check
this value in CommandProcessorFactory. It would probably make sense to add
this property to the restrict list.
--
This message was sent by Atlassian JIRA
(v6.1#6144)
[jira] [Commented] (HIVE-5400) Allow admins to disable compile and other commands
[ https://issues.apache.org/jira/browse/HIVE-5400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13784737#comment-13784737 ] Brock Noland commented on HIVE-5400: Edward, Thank you very much for taking a look at this patch! bq. Would we be better or returning CommandProcessorResponse's Several of the execution methods will do further processing before invoking the processor so I don't feel we should invoke the processor and then return the result. Additionally in general it's common to use a factory to get the executor and then call the executor in the callers context as it sees fit. This approach fits that paradigm. bq. or throwing a new type of exception? I am struggling to rationalize SQLExceptions thrown from this part of hive code. I certainly empathize with your feeling but I don't feel Hive we have the correct hierarchy to implement anything better at this point. In regards to throwing a SQLException I don't see what the advantage of throwing a separate exception would be. We are indicating the correct SQL State. But more importantly two callers are only going to log it regardless of the exception type and the third (HS2) is simply going to convert it to a HiveSQLException. I'd prefer to throw a HiveSQLException but that is a member of the service module and since service depends on ql it would create a circular dependency. If at some point in the future we create additional layers of abstraction between the tool interface and the execution implementation then I could see an improved exception hierarchy. However, I don't feel that is a blocker for this patch. If there are concrete suggestions on this aspect I think it'd be a good use of a follow-on JIRA. The patch available at present improves admin's control, improves our switchboard logic, improves maintainability, and deletes almost as much code as it adds. Allow admins to disable compile and other commands -- Key: HIVE-5400 URL: https://issues.apache.org/jira/browse/HIVE-5400 Project: Hive Issue Type: Sub-task Reporter: Brock Noland Assignee: Edward Capriolo Attachments: HIVE-5400.patch, HIVE-5400.patch, HIVE-5400.patch From here: https://issues.apache.org/jira/browse/HIVE-5253?focusedCommentId=13782220page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13782220 I think we should afford admins who want to disable this functionality the ability to do so. Since such admins might want to disable other commands such as add or dfs, it wouldn't be much trouble to allow them to do this as well. For example we could have a configuration option hive.available.commands (or similar) which specified add,set,delete,reset, etc by default. Then check this value in CommandProcessorFactory. It would probably make sense to add this property to the restrict list. -- This message was sent by Atlassian JIRA (v6.1#6144)
[jira] [Commented] (HIVE-5400) Allow admins to disable compile and other commands
[ https://issues.apache.org/jira/browse/HIVE-5400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13784762#comment-13784762 ] Edward Capriolo commented on HIVE-5400: --- Agreed on the SQLException leave it as is. There is one more idea I want to pitch. Does it make more sense to implement a blacklist then a whitelist? Generally we fall on the side of leaving dangerous things on and not limiting features. A good example is hive.strict.mode. It should be on by default it all production deployments, but we have it off for the purposes of unit testing. Maybe I am biased here, but as a person who used hadoop before security I would rather things worked out of the box and I could turn them off later, other then the opposite. Again this is just a thought, and if you like the whitelist better lets just keep this. Allow admins to disable compile and other commands -- Key: HIVE-5400 URL: https://issues.apache.org/jira/browse/HIVE-5400 Project: Hive Issue Type: Sub-task Reporter: Brock Noland Assignee: Edward Capriolo Attachments: HIVE-5400.patch, HIVE-5400.patch, HIVE-5400.patch From here: https://issues.apache.org/jira/browse/HIVE-5253?focusedCommentId=13782220page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13782220 I think we should afford admins who want to disable this functionality the ability to do so. Since such admins might want to disable other commands such as add or dfs, it wouldn't be much trouble to allow them to do this as well. For example we could have a configuration option hive.available.commands (or similar) which specified add,set,delete,reset, etc by default. Then check this value in CommandProcessorFactory. It would probably make sense to add this property to the restrict list. -- This message was sent by Atlassian JIRA (v6.1#6144)
[jira] [Commented] (HIVE-5400) Allow admins to disable compile and other commands
[
https://issues.apache.org/jira/browse/HIVE-5400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13783365#comment-13783365
]
Edward Capriolo commented on HIVE-5400:
---
[~brocknoland]
Lets slow down a second. I think patching in this support for only hs2 is short
sided. I think we do want to bring this code all the way down to the CLI, even
if a local mode CLI can avoid this protection, I think completely skipping the
local mode code path is the wrong way. Also I do not like the hard codes here:
{code}
String[] commands = {set, dfs, add, delete};
{code}
We have already abstractions like Processors and a class that acts as a
switchboard, I think they should have a way of describing what types of
commands they provide (enum possibly), and then letting the switch board make
the choice.
Lets come up with a clean design that makes sense in the long run and is
manageable not just something we hack in.
Allow admins to disable compile and other commands
--
Key: HIVE-5400
URL: https://issues.apache.org/jira/browse/HIVE-5400
Project: Hive
Issue Type: Sub-task
Reporter: Brock Noland
Assignee: Edward Capriolo
Attachments: HIVE-5400.patch
From here:
https://issues.apache.org/jira/browse/HIVE-5253?focusedCommentId=13782220page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13782220
I think we should afford admins who want to disable this functionality the
ability to do so. Since such admins might want to disable other commands such
as add or dfs, it wouldn't be much trouble to allow them to do this as well.
For example we could have a configuration option hive.available.commands
(or similar) which specified add,set,delete,reset, etc by default. Then check
this value in CommandProcessorFactory. It would probably make sense to add
this property to the restrict list.
--
This message was sent by Atlassian JIRA
(v6.1#6144)
[jira] [Commented] (HIVE-5400) Allow admins to disable compile and other commands
[ https://issues.apache.org/jira/browse/HIVE-5400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13783368#comment-13783368 ] Edward Capriolo commented on HIVE-5400: --- Did not mean hack in in a bad way. But we do not want a lot of strings and have connect the dots between seemingly unrelated classes as to why a feature is working or not. Allow admins to disable compile and other commands -- Key: HIVE-5400 URL: https://issues.apache.org/jira/browse/HIVE-5400 Project: Hive Issue Type: Sub-task Reporter: Brock Noland Assignee: Edward Capriolo Attachments: HIVE-5400.patch From here: https://issues.apache.org/jira/browse/HIVE-5253?focusedCommentId=13782220page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13782220 I think we should afford admins who want to disable this functionality the ability to do so. Since such admins might want to disable other commands such as add or dfs, it wouldn't be much trouble to allow them to do this as well. For example we could have a configuration option hive.available.commands (or similar) which specified add,set,delete,reset, etc by default. Then check this value in CommandProcessorFactory. It would probably make sense to add this property to the restrict list. -- This message was sent by Atlassian JIRA (v6.1#6144)
[jira] [Commented] (HIVE-5400) Allow admins to disable compile and other commands
[ https://issues.apache.org/jira/browse/HIVE-5400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13783391#comment-13783391 ] Brock Noland commented on HIVE-5400: I am fine with implementing this for both HS2 and CLI/HS1 and since we use strings for CLi, HS1, and HS2 at present. I can add an enum which will be used by all three. Allow admins to disable compile and other commands -- Key: HIVE-5400 URL: https://issues.apache.org/jira/browse/HIVE-5400 Project: Hive Issue Type: Sub-task Reporter: Brock Noland Assignee: Edward Capriolo Attachments: HIVE-5400.patch From here: https://issues.apache.org/jira/browse/HIVE-5253?focusedCommentId=13782220page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13782220 I think we should afford admins who want to disable this functionality the ability to do so. Since such admins might want to disable other commands such as add or dfs, it wouldn't be much trouble to allow them to do this as well. For example we could have a configuration option hive.available.commands (or similar) which specified add,set,delete,reset, etc by default. Then check this value in CommandProcessorFactory. It would probably make sense to add this property to the restrict list. -- This message was sent by Atlassian JIRA (v6.1#6144)
[jira] [Commented] (HIVE-5400) Allow admins to disable compile and other commands
[
https://issues.apache.org/jira/browse/HIVE-5400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13782334#comment-13782334
]
Edward Capriolo commented on HIVE-5400:
---
Do we have a way to enforce this? Is their any command property that a user can
not edit?
{quote}
ssh hacker@hive
#bin/hive
hive set hive.available.commands=all
{quote}
Allow admins to disable compile and other commands
--
Key: HIVE-5400
URL: https://issues.apache.org/jira/browse/HIVE-5400
Project: Hive
Issue Type: Sub-task
Reporter: Brock Noland
From here:
https://issues.apache.org/jira/browse/HIVE-5253?focusedCommentId=13782220page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13782220
I think we should afford admins who want to disable this functionality the
ability to do so. Since such admins might want to disable other commands such
as add or dfs, it wouldn't be much trouble to allow them to do this as well.
For example we could have a configuration option hive.available.commands
(or similar) which specified add,set,delete,reset, etc by default. Then check
this value in CommandProcessorFactory. It would probably make sense to add
this property to the restrict list.
--
This message was sent by Atlassian JIRA
(v6.1#6144)
[jira] [Commented] (HIVE-5400) Allow admins to disable compile and other commands
[ https://issues.apache.org/jira/browse/HIVE-5400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13782342#comment-13782342 ] Brock Noland commented on HIVE-5400: Not for users that invoke hive directly, but I know many environments which use the restrict list + hive server 2 to disallow setting of many properties. Allow admins to disable compile and other commands -- Key: HIVE-5400 URL: https://issues.apache.org/jira/browse/HIVE-5400 Project: Hive Issue Type: Sub-task Reporter: Brock Noland From here: https://issues.apache.org/jira/browse/HIVE-5253?focusedCommentId=13782220page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13782220 I think we should afford admins who want to disable this functionality the ability to do so. Since such admins might want to disable other commands such as add or dfs, it wouldn't be much trouble to allow them to do this as well. For example we could have a configuration option hive.available.commands (or similar) which specified add,set,delete,reset, etc by default. Then check this value in CommandProcessorFactory. It would probably make sense to add this property to the restrict list. -- This message was sent by Atlassian JIRA (v6.1#6144)
[jira] [Commented] (HIVE-5400) Allow admins to disable compile and other commands
[ https://issues.apache.org/jira/browse/HIVE-5400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13782351#comment-13782351 ] Edward Capriolo commented on HIVE-5400: --- It is important to note that Apache Hive does not have to concern itself with how this feature functions with external tools like Sentry. Hive's security model is optimistic and by no means definitive. I do not see it as a blocker because none of the other Processors provide any security (including the !) which allows people the ability to launch local commands. That being said, I do not have issue building the feature in such a way that allows some levels of control. Which is simple because in essence this is a very small patch. Allow admins to disable compile and other commands -- Key: HIVE-5400 URL: https://issues.apache.org/jira/browse/HIVE-5400 Project: Hive Issue Type: Sub-task Reporter: Brock Noland From here: https://issues.apache.org/jira/browse/HIVE-5253?focusedCommentId=13782220page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13782220 I think we should afford admins who want to disable this functionality the ability to do so. Since such admins might want to disable other commands such as add or dfs, it wouldn't be much trouble to allow them to do this as well. For example we could have a configuration option hive.available.commands (or similar) which specified add,set,delete,reset, etc by default. Then check this value in CommandProcessorFactory. It would probably make sense to add this property to the restrict list. -- This message was sent by Atlassian JIRA (v6.1#6144)
[jira] [Commented] (HIVE-5400) Allow admins to disable compile and other commands
[
https://issues.apache.org/jira/browse/HIVE-5400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13782353#comment-13782353
]
Edward Capriolo commented on HIVE-5400:
---
{quote}
Not for users that invoke hive directly, but I know many environments which use
the restrict list + hive server 2 to disallow setting of many properties.
{quote}
Ok then the feature seems fairly simple to create and manage then.
Allow admins to disable compile and other commands
--
Key: HIVE-5400
URL: https://issues.apache.org/jira/browse/HIVE-5400
Project: Hive
Issue Type: Sub-task
Reporter: Brock Noland
From here:
https://issues.apache.org/jira/browse/HIVE-5253?focusedCommentId=13782220page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13782220
I think we should afford admins who want to disable this functionality the
ability to do so. Since such admins might want to disable other commands such
as add or dfs, it wouldn't be much trouble to allow them to do this as well.
For example we could have a configuration option hive.available.commands
(or similar) which specified add,set,delete,reset, etc by default. Then check
this value in CommandProcessorFactory. It would probably make sense to add
this property to the restrict list.
--
This message was sent by Atlassian JIRA
(v6.1#6144)
[jira] [Commented] (HIVE-5400) Allow admins to disable compile and other commands
[ https://issues.apache.org/jira/browse/HIVE-5400?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanelfocusedCommentId=13782373#comment-13782373 ] Brock Noland commented on HIVE-5400: bq. It is important to note that Apache Hive does not have to concern itself with how this feature functions with external tools like Sentry. Sorry I wasn't more clear...since Sentry is so new I was specifically referring to production deployments sans Sentry. bq. Ok then the feature seems fairly simple to create and manage then. Yeah it should be a pretty small patch. Unless you are already working on it, I would have no issue taking this one up. Allow admins to disable compile and other commands -- Key: HIVE-5400 URL: https://issues.apache.org/jira/browse/HIVE-5400 Project: Hive Issue Type: Sub-task Reporter: Brock Noland Assignee: Edward Capriolo From here: https://issues.apache.org/jira/browse/HIVE-5253?focusedCommentId=13782220page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13782220 I think we should afford admins who want to disable this functionality the ability to do so. Since such admins might want to disable other commands such as add or dfs, it wouldn't be much trouble to allow them to do this as well. For example we could have a configuration option hive.available.commands (or similar) which specified add,set,delete,reset, etc by default. Then check this value in CommandProcessorFactory. It would probably make sense to add this property to the restrict list. -- This message was sent by Atlassian JIRA (v6.1#6144)
