Hi,
I am having trouble getting Impersonation to work. Using Drill 1.7, I have
a drill user, user1, and user2. Drill is started as the drill user. I am
testing impersonation on the local file system dfs default storage plugin
on a linux server. I have setup some files that are owned by user1 and
user2 with 600 permissions, and am using the sqlline tool to test access.
However, I am not able to access either file logged in as user1 or user2.
Only when I change permissions so that the drill user can read am I able to
access either file. I have confirmed that impersonation is enabled using
the following:
select * from sys.boot where name like '%impersonation%';
+-------------------------------------------------+----------+-------+---------+----------+-------------+-----------+------------+
| name | kind | type |
status | num_val | string_val | bool_val | float_val |
+-------------------------------------------------+----------+-------+---------+----------+-------------+-----------+------------+
| drill.exec.impersonation.enabled | BOOLEAN | BOOT |
BOOT | null | null | true | null |
| drill.exec.impersonation.max_chained_user_hops | LONG | BOOT |
BOOT | 2 | null | null | null |
+-------------------------------------------------+----------+-------+---------+----------+-------------+-----------+------------+
My override conf is:
drill.exec: {
cluster-id: "mydrillbits",
zk: {
connect: "10.80.22.238:2181",
root: "drill",
refresh: 500,
timeout: 5000,
retry: {
count: 7200,
delay: 500
}
},
http: {
enabled: true,
ssl_enabled: true,
port: 8047
},
impersonation: {
enabled: true,
max_chained_user_hops: 2
},
security.user.auth {
enabled: true,
packages += "org.apache.drill.exec.rpc.user.security",
impl: "pam",
pam_profiles: [ "sudo", "login" ]
}
}
Has anyone had similar problems, or am I misunderstanding how user
impersonation works?
Thanks for your time,
Scott
