hive-dev mailing list archives

From "Jason Dere (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HIVE-7583) Use FileSystem.access() if available to check file access for user
Date Fri, 01 Aug 2014 00:27:38 GMT

    [ https://issues.apache.org/jira/browse/HIVE-7583?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14081733#comment-14081733 ]

Jason Dere commented on HIVE-7583:
----------------------------------

If using FileSystem.access() to check file access for a user other than the current user,
the current user will need to impersonate the user using doAs().  [~thejas] has also pointed
out that the file checks done in standard SQL authorization should also have been doing doAs()
for the checks it's doing, but currently does not.  Will also address this issue here.

> Use FileSystem.access() if available to check file access for user
> ------------------------------------------------------------------
>
>                 Key: HIVE-7583
>                 URL: https://issues.apache.org/jira/browse/HIVE-7583
>             Project: Hive
>          Issue Type: Bug
>            Reporter: Jason Dere
>            Assignee: Jason Dere
>
> Hive currently implements its own file access checks to determine if a user is allowed
> to perform a specified action on a file path (in StorageBasedAuthorizationProvider, also
> FileUtils). This can be prone to errors or inconsistencies with how file access is actually
> checked in Hadoop.
> HDFS-6570 adds a new FileSystem.access() API, so that we can perform the check using
> the actual HDFS logic rather than having to imitate that behavior in Hive. For versions of
> Hadoop that have this API available, we should use this API.



--
This message was sent by Atlassian JIRA
(v6.2#6252)
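
The check discussed in the comment above, sketched as an added example (not part of the original message and not Hive's code): the service user impersonates the target user with doAs() and lets the file system decide via FileSystem.access(). The class name `ImpersonatedAccessCheck` and the method `canAccess` are hypothetical; it assumes a Hadoop version that includes HDFS-6570 and, on a secured cluster, that the service user is configured as a permitted proxy user (`hadoop.proxyuser.*`).

```java
import java.io.IOException;
import java.security.PrivilegedExceptionAction;
import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsAction;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.UserGroupInformation;

// Hypothetical helper for illustration; not taken from Hive.
public class ImpersonatedAccessCheck {

    /** Returns true if `user` may perform `action` on `path`, as decided by the file system. */
    public static boolean canAccess(final Configuration conf, String user,
            final Path path, final FsAction action) throws IOException, InterruptedException {
        UserGroupInformation login = UserGroupInformation.getLoginUser();
        // Impersonate only when the check is for someone other than the service user.
        UserGroupInformation ugi = user.equals(login.getShortUserName())
                ? login
                : UserGroupInformation.createProxyUser(user, login);
        return ugi.doAs(new PrivilegedExceptionAction<Boolean>() {
            @Override
            public Boolean run() throws IOException {
                // Obtain the FileSystem inside doAs(): cached instances are keyed by
                // user, so a handle fetched outside would carry the service identity
                // and the check would answer for the wrong user.
                FileSystem fs = path.getFileSystem(conf);
                try {
                    fs.access(path, action); // returns normally when access is allowed
                    return true;
                } catch (AccessControlException e) {
                    return false;            // denied for the impersonated user
                }
                // FileNotFoundException and other IOExceptions propagate: a missing
                // path or an unreachable NameNode is not the same as "denied".
            }
        });
    }

    // Usage: ImpersonatedAccessCheck <user> <path> <READ|WRITE|EXECUTE|...>
    public static void main(String[] args) throws Exception {
        boolean ok = canAccess(new Configuration(), args[0],
                new Path(args[1]), FsAction.valueOf(args[2]));
        System.out.println(args[0] + " " + args[2] + " " + args[1] + ": "
                + (ok ? "allowed" : "denied"));
    }
}
```

Keeping "denied" separate from "could not check" matters for an authorization provider: callers should fail closed on the propagated exceptions rather than treat them as either outcome.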
