hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chaoyu Tang (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HIVE-3756) "LOAD DATA" does not honor permission inheritence
Date Wed, 17 Jul 2013 16:46:51 GMT

    [ https://issues.apache.org/jira/browse/HIVE-3756?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13711258#comment-13711258
] 

Chaoyu Tang commented on HIVE-3756:
-----------------------------------

Yes, IMO, the table should preserve its own permission/group B in the insert-overwrite case.
Here is a use case, a database is created to allow a group to access (the mode of /dbdir can
be 770) and a certain table in this db (/dbdir/tbldir) is only allowed to admin himself (say
permission mode 700). If the admin insert overwrite data to this table, it will change the
/dbdir/tbldir to 770, breaking the security unexpectedly.
I can change code to preserve this permission/group of the overwritten table. It seems a minor
changes. 
                
> "LOAD DATA" does not honor permission inheritence
> -------------------------------------------------
>
>                 Key: HIVE-3756
>                 URL: https://issues.apache.org/jira/browse/HIVE-3756
>             Project: Hive
>          Issue Type: Bug
>          Components: Authorization, Security
>    Affects Versions: 0.9.0
>            Reporter: Johndee Burks
>            Assignee: Chaoyu Tang
>         Attachments: HIVE-3756_1.patch, HIVE-3756.patch
>
>
> When a "LOAD DATA" operation is performed the resulting data in hdfs for the table does
not maintain permission inheritance. This remains true even with the "hive.warehouse.subdir.inherit.perms"
set to true.
> The issue is easily reproducible by creating a table and loading some data into it. After
the load is complete just do a "dfs -ls -R" on the warehouse directory and you will see that
the inheritance of permissions worked for the table directory but not for the data. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message