Hi, I am having trouble getting Impersonation to work. Using Drill 1.7, I have a drill user, user1, and user2. Drill is started as the drill user. I am testing impersonation on the local file system dfs default storage plugin on a linux server. I have setup some files that are owned by user1 and user2 with 600 permissions, and am using the sqlline tool to test access. However, I am not able to access either file logged in as user1 or user2. Only when I change permissions so that the drill user can read am I able to access either file. I have confirmed that impersonation is enabled using the following:
select * from sys.boot where name like '%impersonation%'; +-------------------------------------------------+----------+-------+---------+----------+-------------+-----------+------------+ | name | kind | type | status | num_val | string_val | bool_val | float_val | +-------------------------------------------------+----------+-------+---------+----------+-------------+-----------+------------+ | drill.exec.impersonation.enabled | BOOLEAN | BOOT | BOOT | null | null | true | null | | drill.exec.impersonation.max_chained_user_hops | LONG | BOOT | BOOT | 2 | null | null | null | +-------------------------------------------------+----------+-------+---------+----------+-------------+-----------+------------+ My override conf is: drill.exec: { cluster-id: "mydrillbits", zk: { connect: "10.80.22.238:2181", root: "drill", refresh: 500, timeout: 5000, retry: { count: 7200, delay: 500 } }, http: { enabled: true, ssl_enabled: true, port: 8047 }, impersonation: { enabled: true, max_chained_user_hops: 2 }, security.user.auth { enabled: true, packages += "org.apache.drill.exec.rpc.user.security", impl: "pam", pam_profiles: [ "sudo", "login" ] } } Has anyone had similar problems, or am I misunderstanding how user impersonation works? Thanks for your time, Scott