Return-Path: X-Original-To: apmail-hive-dev-archive@www.apache.org Delivered-To: apmail-hive-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 3FBD171D0 for ; Mon, 19 Dec 2011 22:53:57 +0000 (UTC) Received: (qmail 76382 invoked by uid 500); 19 Dec 2011 22:53:57 -0000 Delivered-To: apmail-hive-dev-archive@hive.apache.org Received: (qmail 76354 invoked by uid 500); 19 Dec 2011 22:53:57 -0000 Mailing-List: contact dev-help@hive.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@hive.apache.org Delivered-To: mailing list dev@hive.apache.org Received: (qmail 76344 invoked by uid 500); 19 Dec 2011 22:53:56 -0000 Delivered-To: apmail-hadoop-hive-dev@hadoop.apache.org Received: (qmail 76341 invoked by uid 99); 19 Dec 2011 22:53:56 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 19 Dec 2011 22:53:56 +0000 X-ASF-Spam-Status: No, hits=-2002.5 required=5.0 tests=ALL_TRUSTED,RP_MATCHES_RCVD X-Spam-Check-By: apache.org Received: from [140.211.11.116] (HELO hel.zones.apache.org) (140.211.11.116) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 19 Dec 2011 22:53:53 +0000 Received: from hel.zones.apache.org (hel.zones.apache.org [140.211.11.116]) by hel.zones.apache.org (Postfix) with ESMTP id BCA9411C428 for ; Mon, 19 Dec 2011 22:53:31 +0000 (UTC) Date: Mon, 19 Dec 2011 22:53:31 +0000 (UTC) From: "jiraposter@reviews.apache.org (Commented) (JIRA)" To: hive-dev@hadoop.apache.org Message-ID: <33542664.28509.1324335211774.JavaMail.tomcat@hel.zones.apache.org> In-Reply-To: <112259279.24504.1322621500386.JavaMail.tomcat@hel.zones.apache.org> Subject: [jira] [Commented] (HIVE-2616) Passing user identity from metastore client to server in non-secure mode MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/HIVE-2616?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13172703#comment-13172703 ] jiraposter@reviews.apache.org commented on HIVE-2616: ----------------------------------------------------- bq. On 2011-12-19 22:45:48, Carl Steinbach wrote: bq. > trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java, line 279 bq. > bq. > bq. > > you dont want existing application to break when server is upgraded and is running with setugi on bq. > bq. > Right, but this is the client-side, which is a little different. If the client requests set_ugi and doesn't get it I think it may be better to throw an exception. Right now it doesn't seem like the client has any way of knowing whether or not their set_ugi request has been honored. bq. Right, but this is the client-side, which is a little different. If the client requests set_ugi and doesn't get it I think it may be better to throw an exception. Since this is a current behavior, I am inclined to keep it that way. If we throw an exception, this will be change of behavior and will surprise those apps. bq. Right now it doesn't seem like the client has any way of knowing whether or not their set_ugi request has been honored. Client catches TException and logs it, so client can know about it, if it wants to. - Ashutosh ----------------------------------------------------------- This is an automatically generated e-mail. To reply, visit: https://reviews.apache.org/r/2975/#review3987 ----------------------------------------------------------- On 2011-12-17 02:42:36, Ashutosh Chauhan wrote: bq. bq. ----------------------------------------------------------- bq. This is an automatically generated e-mail. To reply, visit: bq. https://reviews.apache.org/r/2975/ bq. ----------------------------------------------------------- bq. bq. (Updated 2011-12-17 02:42:36) bq. bq. bq. Review request for hive. bq. bq. bq. Summary bq. ------- bq. bq. Pass user identity in metastore connection in unsecure mode bq. bq. bq. This addresses bug HIVE-2616. bq. https://issues.apache.org/jira/browse/HIVE-2616 bq. bq. bq. Diffs bq. ----- bq. bq. trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java 1215380 bq. trunk/conf/hive-default.xml.template 1215380 bq. trunk/metastore/if/hive_metastore.thrift 1215380 bq. trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.h 1215380 bq. trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore.cpp 1215380 bq. trunk/metastore/src/gen/thrift/gen-cpp/ThriftHiveMetastore_server.skeleton.cpp 1215380 bq. trunk/metastore/src/gen/thrift/gen-javabean/org/apache/hadoop/hive/metastore/api/ThriftHiveMetastore.java 1215380 bq. trunk/metastore/src/gen/thrift/gen-php/hive_metastore/ThriftHiveMetastore.php 1215380 bq. trunk/metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore-remote 1215380 bq. trunk/metastore/src/gen/thrift/gen-py/hive_metastore/ThriftHiveMetastore.py 1215380 bq. trunk/metastore/src/gen/thrift/gen-rb/thrift_hive_metastore.rb 1215380 bq. trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStore.java 1215380 bq. trunk/metastore/src/java/org/apache/hadoop/hive/metastore/HiveMetaStoreClient.java 1215380 bq. trunk/metastore/src/java/org/apache/hadoop/hive/metastore/TUGIBasedProcessor.java PRE-CREATION bq. trunk/shims/ivy.xml 1215380 bq. trunk/shims/src/0.20/java/org/apache/hadoop/hive/shims/Hadoop20Shims.java 1215380 bq. trunk/shims/src/0.20S/java/org/apache/hadoop/hive/shims/Hadoop20SShims.java 1215380 bq. trunk/shims/src/0.20S/java/org/apache/hadoop/hive/thrift/HadoopThriftAuthBridge20S.java 1215380 bq. trunk/shims/src/0.20S/java/org/apache/hadoop/hive/thrift/client/TUGIAssumingTransport.java PRE-CREATION bq. trunk/shims/src/common/java/org/apache/hadoop/hive/shims/HadoopShims.java 1215380 bq. trunk/shims/src/common/java/org/apache/hadoop/hive/thrift/TFilterTransport.java PRE-CREATION bq. trunk/shims/src/common/java/org/apache/hadoop/hive/thrift/TUGIContainingTransport.java PRE-CREATION bq. bq. Diff: https://reviews.apache.org/r/2975/diff bq. bq. bq. Testing bq. ------- bq. bq. All the tests in metastore dir passes. Manually tested that file on hdfs is owned by user running the client and not by user running metastore server. bq. bq. bq. Thanks, bq. bq. Ashutosh bq. bq. > Passing user identity from metastore client to server in non-secure mode > ------------------------------------------------------------------------ > > Key: HIVE-2616 > URL: https://issues.apache.org/jira/browse/HIVE-2616 > Project: Hive > Issue Type: Bug > Components: Metastore > Reporter: Ashutosh Chauhan > Assignee: Ashutosh Chauhan > Attachments: hive-2616.patch, hive-2616_1.patch, hive-2616_3.patch, hive-2616_4.patch > > > Currently in unsecure mode client don't pass on user identity. As a result hdfs and other operations done by server gets executed by user running metastore process instead of being done in context of client. This results in problem as reported here: > http://mail-archives.apache.org/mod_mbox/hive-user/201111.mbox/%3CCAK0mCrRC3aPqtRHDe2J25Rm0JX6TS1KXxd7KPjqJjoqBjg=APA@mail.gmail.com%3E -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira