hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Na Yang (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HIVE-11029) hadoop.proxyuser.mapr.groups does not work to restrict the groups that can be impersonated
Date Tue, 16 Jun 2015 23:20:00 GMT
Na Yang created HIVE-11029:
------------------------------

             Summary: hadoop.proxyuser.mapr.groups does not work to restrict the groups that
can be impersonated
                 Key: HIVE-11029
                 URL: https://issues.apache.org/jira/browse/HIVE-11029
             Project: Hive
          Issue Type: Bug
          Components: HiveServer2
    Affects Versions: 1.2.0, 1.0.0, 0.14.0, 0.13.0
            Reporter: Na Yang
            Assignee: Na Yang


In the core-site.xml, the hadoop.proxyuser.<user>.groups specifies the user groups which
can be impersonated by the HS2 <user>. However, this does not work properly in Hive.


In my core-site.xml, I have the following configs:
<property>
  <name>hadoop.proxyuser.mapr.hosts</name>
  <value>*</value>
</property>

<property>
  <name>hadoop.proxyuser.mapr.groups</name>
  <value>root</value>
</property>

I would expect with this configuration that 'mapr' can impersonate only members of the Unix
group 'root'. However if I submit a query as user 'jon' the query is running as user 'jon'
even though 'mapr' should not be able to impersonate this user. 





--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message