[jira] [Updated] (HIVE-23339) SBA does not check permissions for DB location specified in Create or Alter database query
[ https://issues.apache.org/jira/browse/HIVE-23339?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Shubham Chaurasia updated HIVE-23339: - Resolution: Fixed Status: Resolved (was: Patch Available) > SBA does not check permissions for DB location specified in Create or Alter > database query > -- > > Key: HIVE-23339 > URL: https://issues.apache.org/jira/browse/HIVE-23339 > Project: Hive > Issue Type: Bug > Components: Hive >Affects Versions: 3.1.0, 4.0.0 >Reporter: Riju Trivedi >Assignee: Shubham Chaurasia >Priority: Critical > Labels: pull-request-available > Fix For: 4.0.0 > > Attachments: HIVE-23339.01.patch, HIVE-23339.02.patch, > HIVE-23339.03.patch > > Time Spent: 0.5h > Remaining Estimate: 0h > > With doAs=true and StorageBasedAuthorization provider, create database with > specific location succeeds even if user doesn't have access to that path. > > {code:java} > hadoop fs -ls -d /tmp/cannot_write > drwx-- - hive hadoop 0 2020-04-01 22:53 /tmp/cannot_write > create a database under /tmp/cannot_write. We would expect it to fail, but is > actually created successfully with "hive" as the owner: > rtrivedi@bdp01:~> beeline -e "create database rtrivedi_1 location > '/tmp/cannot_write/rtrivedi_1'" > INFO : OK > No rows affected (0.116 seconds) > hive@hpchdd2e:~> hadoop fs -ls /tmp/cannot_write > Found 1 items > drwx-- - hive hadoop 0 2020-04-01 23:05 /tmp/cannot_write/rtrivedi_1 > {code} > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (HIVE-23339) SBA does not check permissions for DB location specified in Create or Alter database query
[ https://issues.apache.org/jira/browse/HIVE-23339?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Shubham Chaurasia updated HIVE-23339: - Fix Version/s: 4.0.0 > SBA does not check permissions for DB location specified in Create or Alter > database query > -- > > Key: HIVE-23339 > URL: https://issues.apache.org/jira/browse/HIVE-23339 > Project: Hive > Issue Type: Bug > Components: Hive >Affects Versions: 3.1.0, 4.0.0 >Reporter: Riju Trivedi >Assignee: Shubham Chaurasia >Priority: Critical > Labels: pull-request-available > Fix For: 4.0.0 > > Attachments: HIVE-23339.01.patch, HIVE-23339.02.patch, > HIVE-23339.03.patch > > Time Spent: 0.5h > Remaining Estimate: 0h > > With doAs=true and StorageBasedAuthorization provider, create database with > specific location succeeds even if user doesn't have access to that path. > > {code:java} > hadoop fs -ls -d /tmp/cannot_write > drwx-- - hive hadoop 0 2020-04-01 22:53 /tmp/cannot_write > create a database under /tmp/cannot_write. We would expect it to fail, but is > actually created successfully with "hive" as the owner: > rtrivedi@bdp01:~> beeline -e "create database rtrivedi_1 location > '/tmp/cannot_write/rtrivedi_1'" > INFO : OK > No rows affected (0.116 seconds) > hive@hpchdd2e:~> hadoop fs -ls /tmp/cannot_write > Found 1 items > drwx-- - hive hadoop 0 2020-04-01 23:05 /tmp/cannot_write/rtrivedi_1 > {code} > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (HIVE-23339) SBA does not check permissions for DB location specified in Create or Alter database query
[ https://issues.apache.org/jira/browse/HIVE-23339?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Shubham Chaurasia updated HIVE-23339: - Affects Version/s: 4.0.0 > SBA does not check permissions for DB location specified in Create or Alter > database query > -- > > Key: HIVE-23339 > URL: https://issues.apache.org/jira/browse/HIVE-23339 > Project: Hive > Issue Type: Bug > Components: Hive >Affects Versions: 3.1.0, 4.0.0 >Reporter: Riju Trivedi >Assignee: Shubham Chaurasia >Priority: Critical > Labels: pull-request-available > Attachments: HIVE-23339.01.patch, HIVE-23339.02.patch, > HIVE-23339.03.patch > > Time Spent: 0.5h > Remaining Estimate: 0h > > With doAs=true and StorageBasedAuthorization provider, create database with > specific location succeeds even if user doesn't have access to that path. > > {code:java} > hadoop fs -ls -d /tmp/cannot_write > drwx-- - hive hadoop 0 2020-04-01 22:53 /tmp/cannot_write > create a database under /tmp/cannot_write. We would expect it to fail, but is > actually created successfully with "hive" as the owner: > rtrivedi@bdp01:~> beeline -e "create database rtrivedi_1 location > '/tmp/cannot_write/rtrivedi_1'" > INFO : OK > No rows affected (0.116 seconds) > hive@hpchdd2e:~> hadoop fs -ls /tmp/cannot_write > Found 1 items > drwx-- - hive hadoop 0 2020-04-01 23:05 /tmp/cannot_write/rtrivedi_1 > {code} > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (HIVE-23339) SBA does not check permissions for DB location specified in Create or Alter database query
[ https://issues.apache.org/jira/browse/HIVE-23339?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Shubham Chaurasia updated HIVE-23339: - Attachment: HIVE-23339.03.patch > SBA does not check permissions for DB location specified in Create or Alter > database query > -- > > Key: HIVE-23339 > URL: https://issues.apache.org/jira/browse/HIVE-23339 > Project: Hive > Issue Type: Bug > Components: Hive >Affects Versions: 3.1.0 >Reporter: Riju Trivedi >Assignee: Shubham Chaurasia >Priority: Critical > Labels: pull-request-available > Attachments: HIVE-23339.01.patch, HIVE-23339.02.patch, > HIVE-23339.03.patch > > Time Spent: 0.5h > Remaining Estimate: 0h > > With doAs=true and StorageBasedAuthorization provider, create database with > specific location succeeds even if user doesn't have access to that path. > > {code:java} > hadoop fs -ls -d /tmp/cannot_write > drwx-- - hive hadoop 0 2020-04-01 22:53 /tmp/cannot_write > create a database under /tmp/cannot_write. We would expect it to fail, but is > actually created successfully with "hive" as the owner: > rtrivedi@bdp01:~> beeline -e "create database rtrivedi_1 location > '/tmp/cannot_write/rtrivedi_1'" > INFO : OK > No rows affected (0.116 seconds) > hive@hpchdd2e:~> hadoop fs -ls /tmp/cannot_write > Found 1 items > drwx-- - hive hadoop 0 2020-04-01 23:05 /tmp/cannot_write/rtrivedi_1 > {code} > -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Updated] (HIVE-23339) SBA does not check permissions for DB location specified in Create or Alter database query
[ https://issues.apache.org/jira/browse/HIVE-23339?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Shubham Chaurasia updated HIVE-23339: - Summary: SBA does not check permissions for DB location specified in Create or Alter database query (was: SBA does not check permissions for DB location specified in Create database query) > SBA does not check permissions for DB location specified in Create or Alter > database query > -- > > Key: HIVE-23339 > URL: https://issues.apache.org/jira/browse/HIVE-23339 > Project: Hive > Issue Type: Bug > Components: Hive >Affects Versions: 3.1.0 >Reporter: Riju Trivedi >Assignee: Shubham Chaurasia >Priority: Critical > Labels: pull-request-available > Attachments: HIVE-23339.01.patch, HIVE-23339.02.patch > > Time Spent: 20m > Remaining Estimate: 0h > > With doAs=true and StorageBasedAuthorization provider, create database with > specific location succeeds even if user doesn't have access to that path. > > {code:java} > hadoop fs -ls -d /tmp/cannot_write > drwx-- - hive hadoop 0 2020-04-01 22:53 /tmp/cannot_write > create a database under /tmp/cannot_write. We would expect it to fail, but is > actually created successfully with "hive" as the owner: > rtrivedi@bdp01:~> beeline -e "create database rtrivedi_1 location > '/tmp/cannot_write/rtrivedi_1'" > INFO : OK > No rows affected (0.116 seconds) > hive@hpchdd2e:~> hadoop fs -ls /tmp/cannot_write > Found 1 items > drwx-- - hive hadoop 0 2020-04-01 23:05 /tmp/cannot_write/rtrivedi_1 > {code} > -- This message was sent by Atlassian Jira (v8.3.4#803005)