drill-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Krystal (JIRA)" <j...@apache.org>
Subject [jira] [Created] (DRILL-3041) Impersonation-user can create view against file that user doesn't have read access
Date Tue, 12 May 2015 21:55:00 GMT
Krystal created DRILL-3041:
------------------------------

             Summary: Impersonation-user can create view against file that user doesn't have
read access 
                 Key: DRILL-3041
                 URL: https://issues.apache.org/jira/browse/DRILL-3041
             Project: Apache Drill
          Issue Type: Bug
          Components: Execution - RPC
    Affects Versions: 1.0.0
            Reporter: Krystal
            Assignee: Jacques Nadeau


git.commit.id.abbrev=d10769f

I have a file that has the following permission:
-rwx------   3 qa2 users      63078 2015-01-30 21:19 /drill/testdata/csv/voter.csv

The directory right above the file has the following permission:
drwxr-xr-x   - qa2  users          3 2015-05-12 14:22 /drill/testdata/csv

Logged into sqlline as a different user and attempted to create a view:
0: jdbc:drill:schema=dfs.root> CREATE VIEW `dfs.qa1`.`test_v4` AS SELECT columns[0] as
column_0, columns[1] as column_1, columns[2] as column_2, columns[3] as column_3, columns[4]
as column_4, columns[5] as column_5, columns[6] as column_6 FROM `dfs`.`default`.`drill/testdata/csv/voter.csv`
LIMIT 100;

The view got created successfully. However if I tried to read from the view, I can't because
of the lack of permission to the voter.csv table:
0: jdbc:drill:schema=dfs.root> select * from `dfs.qa1`.`test_v4`;
Error: SYSTEM ERROR: org.apache.hadoop.security.AccessControlException: Open failed for file:
/drill/testdata/csv/voter.csv, error: Permission denied (13)

Currently drill only check if the folder contains correct permission and not at the file level
when creating views.  It seems odd that a user is allowed to create the view then not being
able to access it afterwards.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message