[jira] [Updated] (HIVE-2817) Drop any table even without privilege
[
https://issues.apache.org/jira/browse/HIVE-2817?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Ashutosh Chauhan updated HIVE-2817:
---
Resolution: Fixed
Fix Version/s: 0.13.0
Status: Resolved (was: Patch Available)
Fixed via HIVE-2818 Feel free to reopen if you can still repro.
Drop any table even without privilege
-
Key: HIVE-2817
URL: https://issues.apache.org/jira/browse/HIVE-2817
Project: Hive
Issue Type: Bug
Affects Versions: 0.7.1, 0.8.0, 0.9.0, 0.10.0
Reporter: Benyi Wang
Assignee: Chun Chen
Fix For: 0.13.0
Attachments: HIVE-2817.D10371.1.patch, HIVE-2817.D10563.1.patch
You can drop any table if you use fully qualified name 'database.table' even
you don't have any previlige.
{code}
hive set hive.security.authorization.enabled=true;
hive revoke all on default from user test_user;
hive drop table abc;
hive drop table abc;
Authorization failed:No privilege 'Drop' found for outputs {
database:default, table:abc}. Use show grant to get more details.
hive drop table default.abc;
OK
Time taken: 0.13 seconds
{code}
The table and the file in {{/usr/hive/warehouse}} or external file will be
deleted. If you don't have hadoop access permission on
{{/usr/hive/warehouse}} or external files, you will see a hadoop access error
{code}
12/02/23 15:35:35 ERROR hive.log:
org.apache.hadoop.security.AccessControlException:
org.apache.hadoop.security.AccessControlException: Permission denied:
user=test_user, access=WRITE, inode=/user/myetl:myetl:etl:drwxr-xr-x
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
{code}
--
This message was sent by Atlassian JIRA
(v6.2#6252)
[jira] [Updated] (HIVE-2817) Drop any table even without privilege
[
https://issues.apache.org/jira/browse/HIVE-2817?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Owen O'Malley updated HIVE-2817:
Fix Version/s: (was: 0.11.0)
Drop any table even without privilege
-
Key: HIVE-2817
URL: https://issues.apache.org/jira/browse/HIVE-2817
Project: Hive
Issue Type: Bug
Affects Versions: 0.7.1, 0.8.0, 0.9.0, 0.10.0
Reporter: Benyi Wang
Assignee: Chen Chun
Attachments: HIVE-2817.D10371.1.patch, HIVE-2817.D10563.1.patch
You can drop any table if you use fully qualified name 'database.table' even
you don't have any previlige.
{code}
hive set hive.security.authorization.enabled=true;
hive revoke all on default from user test_user;
hive drop table abc;
hive drop table abc;
Authorization failed:No privilege 'Drop' found for outputs {
database:default, table:abc}. Use show grant to get more details.
hive drop table default.abc;
OK
Time taken: 0.13 seconds
{code}
The table and the file in {{/usr/hive/warehouse}} or external file will be
deleted. If you don't have hadoop access permission on
{{/usr/hive/warehouse}} or external files, you will see a hadoop access error
{code}
12/02/23 15:35:35 ERROR hive.log:
org.apache.hadoop.security.AccessControlException:
org.apache.hadoop.security.AccessControlException: Permission denied:
user=test_user, access=WRITE, inode=/user/myetl:myetl:etl:drwxr-xr-x
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
{code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HIVE-2817) Drop any table even without privilege
[
https://issues.apache.org/jira/browse/HIVE-2817?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Phabricator updated HIVE-2817:
--
Attachment: HIVE-2817.D10563.1.patch
chenchun requested code review of HIVE-2817 [jira] Drop any table even without
privilege.
Reviewers: JIRA
HIVE-2817
You can drop any table if you use fully qualified name 'database.table' even
you don't have any previlige.
hive set hive.security.authorization.enabled=true;
hive revoke all on default from user test_user;
hive drop table abc;
hive drop table abc;
Authorization failed:No privilege 'Drop' found for outputs { database:default,
table:abc}. Use show grant to get more details.
hive drop table default.abc;
OK
Time taken: 0.13 seconds
The table and the file in /usr/hive/warehouse or external file will be deleted.
If you don't have hadoop access permission on /usr/hive/warehouse or external
files, you will see a hadoop access error
12/02/23 15:35:35 ERROR hive.log:
org.apache.hadoop.security.AccessControlException:
org.apache.hadoop.security.AccessControlException: Permission denied:
user=test_user, access=WRITE, inode=/user/myetl:myetl:etl:drwxr-xr-x
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
TEST PLAN
EMPTY
REVISION DETAIL
https://reviews.facebook.net/D10563
AFFECTED FILES
ql/src/java/org/apache/hadoop/hive/ql/parse/DDLSemanticAnalyzer.java
ql/src/test/queries/clientnegative/authorization_fail_8.q
ql/src/test/results/clientnegative/authorization_fail_8.q.out
MANAGE HERALD RULES
https://reviews.facebook.net/herald/view/differential/
WHY DID I GET THIS EMAIL?
https://reviews.facebook.net/herald/transcript/25287/
To: JIRA, chenchun
Drop any table even without privilege
-
Key: HIVE-2817
URL: https://issues.apache.org/jira/browse/HIVE-2817
Project: Hive
Issue Type: Bug
Affects Versions: 0.7.1
Reporter: Benyi Wang
Assignee: Chen Chun
Attachments: HIVE-2817.D10371.1.patch, HIVE-2817.D10563.1.patch
You can drop any table if you use fully qualified name 'database.table' even
you don't have any previlige.
{code}
hive set hive.security.authorization.enabled=true;
hive revoke all on default from user test_user;
hive drop table abc;
hive drop table abc;
Authorization failed:No privilege 'Drop' found for outputs {
database:default, table:abc}. Use show grant to get more details.
hive drop table default.abc;
OK
Time taken: 0.13 seconds
{code}
The table and the file in {{/usr/hive/warehouse}} or external file will be
deleted. If you don't have hadoop access permission on
{{/usr/hive/warehouse}} or external files, you will see a hadoop access error
{code}
12/02/23 15:35:35 ERROR hive.log:
org.apache.hadoop.security.AccessControlException:
org.apache.hadoop.security.AccessControlException: Permission denied:
user=test_user, access=WRITE, inode=/user/myetl:myetl:etl:drwxr-xr-x
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
{code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HIVE-2817) Drop any table even without privilege
[
https://issues.apache.org/jira/browse/HIVE-2817?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Chen Chun updated HIVE-2817:
Fix Version/s: 0.11.0
Affects Version/s: 0.8.0
0.9.0
0.10.0
Release Note: Fix bug drop any table even without privilege
Hadoop Flags: Incompatible change
Status: Patch Available (was: Open)
Drop any table even without privilege
-
Key: HIVE-2817
URL: https://issues.apache.org/jira/browse/HIVE-2817
Project: Hive
Issue Type: Bug
Affects Versions: 0.10.0, 0.9.0, 0.8.0, 0.7.1
Reporter: Benyi Wang
Assignee: Chen Chun
Fix For: 0.11.0
Attachments: HIVE-2817.D10371.1.patch, HIVE-2817.D10563.1.patch
You can drop any table if you use fully qualified name 'database.table' even
you don't have any previlige.
{code}
hive set hive.security.authorization.enabled=true;
hive revoke all on default from user test_user;
hive drop table abc;
hive drop table abc;
Authorization failed:No privilege 'Drop' found for outputs {
database:default, table:abc}. Use show grant to get more details.
hive drop table default.abc;
OK
Time taken: 0.13 seconds
{code}
The table and the file in {{/usr/hive/warehouse}} or external file will be
deleted. If you don't have hadoop access permission on
{{/usr/hive/warehouse}} or external files, you will see a hadoop access error
{code}
12/02/23 15:35:35 ERROR hive.log:
org.apache.hadoop.security.AccessControlException:
org.apache.hadoop.security.AccessControlException: Permission denied:
user=test_user, access=WRITE, inode=/user/myetl:myetl:etl:drwxr-xr-x
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
{code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HIVE-2817) Drop any table even without privilege
[
https://issues.apache.org/jira/browse/HIVE-2817?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Phabricator updated HIVE-2817:
--
Attachment: HIVE-2817.D10371.1.patch
chenchun requested code review of HIVE-2817 [jira] Drop any table even without
privilege.
Reviewers: JIRA
HIVE-2817 Drop any table even without privilege
You can drop any table if you use fully qualified name 'database.table' even
you don't have any previlige.
hive set hive.security.authorization.enabled=true;
hive revoke all on default from user test_user;
hive drop table abc;
hive drop table abc;
Authorization failed:No privilege 'Drop' found for outputs { database:default,
table:abc}. Use show grant to get more details.
hive drop table default.abc;
OK
Time taken: 0.13 seconds
The table and the file in /usr/hive/warehouse or external file will be deleted.
If you don't have hadoop access permission on /usr/hive/warehouse or external
files, you will see a hadoop access error
12/02/23 15:35:35 ERROR hive.log:
org.apache.hadoop.security.AccessControlException:
org.apache.hadoop.security.AccessControlException: Permission denied:
user=test_user, access=WRITE, inode=/user/myetl:myetl:etl:drwxr-xr-x
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
TEST PLAN
EMPTY
REVISION DETAIL
https://reviews.facebook.net/D10371
AFFECTED FILES
ql/src/java/org/apache/hadoop/hive/ql/parse/DDLSemanticAnalyzer.java
ql/src/test/queries/clientnegative/authorization_fail_8.q
ql/src/test/queries/clientpositive/authorization_8.q
ql/src/test/results/clientnegative/authorization_fail_8.q.out
ql/src/test/results/clientpositive/authorization_8.q.out
MANAGE HERALD RULES
https://reviews.facebook.net/herald/view/differential/
WHY DID I GET THIS EMAIL?
https://reviews.facebook.net/herald/transcript/24831/
To: JIRA, chenchun
Drop any table even without privilege
-
Key: HIVE-2817
URL: https://issues.apache.org/jira/browse/HIVE-2817
Project: Hive
Issue Type: Bug
Affects Versions: 0.7.1
Reporter: Benyi Wang
Attachments: HIVE-2817.D10371.1.patch
You can drop any table if you use fully qualified name 'database.table' even
you don't have any previlige.
{code}
hive set hive.security.authorization.enabled=true;
hive revoke all on default from user test_user;
hive drop table abc;
hive drop table abc;
Authorization failed:No privilege 'Drop' found for outputs {
database:default, table:abc}. Use show grant to get more details.
hive drop table default.abc;
OK
Time taken: 0.13 seconds
{code}
The table and the file in {{/usr/hive/warehouse}} or external file will be
deleted. If you don't have hadoop access permission on
{{/usr/hive/warehouse}} or external files, you will see a hadoop access error
{code}
12/02/23 15:35:35 ERROR hive.log:
org.apache.hadoop.security.AccessControlException:
org.apache.hadoop.security.AccessControlException: Permission denied:
user=test_user, access=WRITE, inode=/user/myetl:myetl:etl:drwxr-xr-x
at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
at
sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:39)
{code}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
