drill-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Venki Korukanti (JIRA)" <j...@apache.org>
Subject [jira] [Assigned] (DRILL-3041) Impersonation-user can create view against file that user doesn't have read access
Date Tue, 12 May 2015 22:09:01 GMT

     [ https://issues.apache.org/jira/browse/DRILL-3041?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Venki Korukanti reassigned DRILL-3041:
--------------------------------------

    Assignee: Venki Korukanti  (was: Jacques Nadeau)

> Impersonation-user can create view against file that user doesn't have read access 
> -----------------------------------------------------------------------------------
>
>                 Key: DRILL-3041
>                 URL: https://issues.apache.org/jira/browse/DRILL-3041
>             Project: Apache Drill
>          Issue Type: Bug
>          Components: Execution - RPC
>    Affects Versions: 1.0.0
>            Reporter: Krystal
>            Assignee: Venki Korukanti
>             Fix For: 1.1.0
>
>
> git.commit.id.abbrev=d10769f
> I have a file that has the following permission:
> -rwx------   3 qa2 users      63078 2015-01-30 21:19 /drill/testdata/csv/voter.csv
> The directory right above the file has the following permission:
> drwxr-xr-x   - qa2  users          3 2015-05-12 14:22 /drill/testdata/csv
> Logged into sqlline as a different user and attempted to create a view:
> 0: jdbc:drill:schema=dfs.root> CREATE VIEW `dfs.qa1`.`test_v4` AS SELECT columns[0]
as column_0, columns[1] as column_1, columns[2] as column_2, columns[3] as column_3, columns[4]
as column_4, columns[5] as column_5, columns[6] as column_6 FROM `dfs`.`default`.`drill/testdata/csv/voter.csv`
LIMIT 100;
> The view got created successfully. However if I tried to read from the view, I can't
because of the lack of permission to the voter.csv table:
> 0: jdbc:drill:schema=dfs.root> select * from `dfs.qa1`.`test_v4`;
> Error: SYSTEM ERROR: org.apache.hadoop.security.AccessControlException: Open failed for
file: /drill/testdata/csv/voter.csv, error: Permission denied (13)
> Currently drill only check if the folder contains correct permission and not at the file
level when creating views.  It seems odd that a user is allowed to create the view then not
being able to access it afterwards.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message