Impersonation against local file system is not supported. If you are running against hdfs, please take a look at drillbit.log or post relevant part here.
On Thu, Jun 30, 2016 at 8:12 AM, scott <tcots8...@gmail.com> wrote: > Hi, > I am having trouble getting Impersonation to work. Using Drill 1.7, I have > a drill user, user1, and user2. Drill is started as the drill user. I am > testing impersonation on the local file system dfs default storage plugin > on a linux server. I have setup some files that are owned by user1 and > user2 with 600 permissions, and am using the sqlline tool to test access. > However, I am not able to access either file logged in as user1 or user2. > Only when I change permissions so that the drill user can read am I able to > access either file. I have confirmed that impersonation is enabled using > the following: > > select * from sys.boot where name like '%impersonation%'; > > +-------------------------------------------------+----------+-------+---------+----------+-------------+-----------+------------+ > | name | kind | type | > status | num_val | string_val | bool_val | float_val | > > +-------------------------------------------------+----------+-------+---------+----------+-------------+-----------+------------+ > | drill.exec.impersonation.enabled | BOOLEAN | BOOT | > BOOT | null | null | true | null | > | drill.exec.impersonation.max_chained_user_hops | LONG | BOOT | > BOOT | 2 | null | null | null | > > +-------------------------------------------------+----------+-------+---------+----------+-------------+-----------+------------+ > > My override conf is: > drill.exec: { > cluster-id: "mydrillbits", > zk: { > connect: "10.80.22.238:2181", > root: "drill", > refresh: 500, > timeout: 5000, > retry: { > count: 7200, > delay: 500 > } > }, > http: { > enabled: true, > ssl_enabled: true, > port: 8047 > }, > impersonation: { > enabled: true, > max_chained_user_hops: 2 > }, > security.user.auth { > enabled: true, > packages += "org.apache.drill.exec.rpc.user.security", > impl: "pam", > pam_profiles: [ "sudo", "login" ] > } > } > > > Has anyone had similar problems, or am I misunderstanding how user > impersonation works? > > Thanks for your time, > Scott >