hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "jiraposter@reviews.apache.org (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HIVE-2616) Passing user identity from metastore client to server in non-secure mode
Date Mon, 19 Dec 2011 22:53:31 GMT

    [ https://issues.apache.org/jira/browse/HIVE-2616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13172703#comment-13172703
] 

jiraposter@reviews.apache.org commented on HIVE-2616:
-----------------------------------------------------



bq.  On 2011-12-19 22:45:48, Carl Steinbach wrote:
bq.  > trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java,
line 279
bq.  > <https://reviews.apache.org/r/2975/diff/3/?file=65044#file65044line279>
bq.  >
bq.  >     > you dont want existing application to break when server is upgraded and
is running with setugi on
bq.  >     
bq.  >     Right, but this is the client-side, which is a little different. If the client
requests set_ugi and doesn't get it I think it may be better to throw an exception. Right
now it doesn't seem like the client has any way of knowing whether or not their set_ugi request
has been honored.

bq.  Right, but this is the client-side, which is a little different. If the client requests
set_ugi and doesn't get it I think it may be better to throw an exception. 
Since this is a current behavior, I am inclined to keep it that way. If we throw an exception,
this will be change of behavior and will surprise those apps. 

bq.  Right now it doesn't seem like the client has any way of knowing whether or not their
set_ugi request has been honored.
Client catches TException and logs it, so client can know about it, if it wants to.


- Ashutosh


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/2975/#review3987
-----------------------------------------------------------


On 2011-12-17 02:42:36, Ashutosh Chauhan wrote:
bq.  
bq.  -----------------------------------------------------------
bq.  This is an automatically generated e-mail. To reply, visit:
bq.  https://reviews.apache.org/r/2975/
bq.  -----------------------------------------------------------
bq.  
bq.  (Updated 2011-12-17 02:42:36)
bq.  
bq.  
bq.  Review request for hive.
bq.  
bq.  
bq.  Summary
bq.  -------
bq.  
bq.  Pass user identity in metastore connection in unsecure mode
bq.  
bq.  
bq.  This addresses bug HIVE-2616.
bq.      https://issues.apache.org/jira/browse/HIVE-2616
bq.  
bq.  
bq.  Diffs
bq.  -----
bq.  
bq.    trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java 1215380 
bq.    trunk/conf/hive-default.xml.template 1215380 
bq.    trunk/metastore/if/hive_metastore.thrift 1215380 
bq.    trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.h 1215380 
bq.    trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.cpp 1215380 
bq.    trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore_server.skeleton.cpp 1215380

bq.    trunk/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/ThriftHiveMetastore.java
1215380 
bq.    trunk/metastore/src/gen/thrift/gen-php/hive_metastore/ThriftHiveMetastore.php 1215380

bq.    trunk/metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore-remote 1215380

bq.    trunk/metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore.py 1215380

bq.    trunk/metastore/src/gen/thrift/gen-rb/thrift_hive_metastore.rb 1215380 
bq.    trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java 1215380

bq.    trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java
1215380 
bq.    trunk/metastore/src/java/org/apache/hadoop/hive/metastore/TUGIBasedProcessor.java PRE-CREATION

bq.    trunk/shims/ivy.xml 1215380 
bq.    trunk/shims/src/0.20/java/org/apache/hadoop/hive/shims/Hadoop20Shims.java 1215380 
bq.    trunk/shims/src/0.20S/java/org/apache/hadoop/hive/shims/Hadoop20SShims.java 1215380

bq.    trunk/shims/src/0.20S/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java
1215380 
bq.    trunk/shims/src/0.20S/java/org/apache/hadoop/hive/thrift/client/TUGIAssumingTransport.java
PRE-CREATION 
bq.    trunk/shims/src/common/java/org/apache/hadoop/hive/shims/HadoopShims.java 1215380 
bq.    trunk/shims/src/common/java/org/apache/hadoop/hive/thrift/TFilterTransport.java PRE-CREATION

bq.    trunk/shims/src/common/java/org/apache/hadoop/hive/thrift/TUGIContainingTransport.java
PRE-CREATION 
bq.  
bq.  Diff: https://reviews.apache.org/r/2975/diff
bq.  
bq.  
bq.  Testing
bq.  -------
bq.  
bq.  All the tests in metastore dir passes. Manually tested that file on hdfs is owned by
user running the client and not by user running metastore server.
bq.  
bq.  
bq.  Thanks,
bq.  
bq.  Ashutosh
bq.  
bq.


                
> Passing user identity from metastore client to server in non-secure mode
> ------------------------------------------------------------------------
>
>                 Key: HIVE-2616
>                 URL: https://issues.apache.org/jira/browse/HIVE-2616
>             Project: Hive
>          Issue Type: Bug
>          Components: Metastore
>            Reporter: Ashutosh Chauhan
>            Assignee: Ashutosh Chauhan
>         Attachments: hive-2616.patch, hive-2616_1.patch, hive-2616_3.patch, hive-2616_4.patch
>
>
> Currently in unsecure mode client don't pass on user identity. As a result hdfs and other
operations done by server gets executed by user running metastore process instead of being
done in context of client. This results in problem as reported here: 
> http://mail-archives.apache.org/mod_mbox/hive-user/201111.mbox/%3CCAK0mCrRC3aPqtRHDe2J25Rm0JX6TS1KXxd7KPjqJjoqBjg=APA@mail.gmail.com%3E

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message