hive-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Carita Ou (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HIVE-11481) hive incorrectly set extended ACLs for unnamed group for new databases/tables with inheritPerms enabled
Date Wed, 30 Dec 2015 17:57:49 GMT

     [ https://issues.apache.org/jira/browse/HIVE-11481?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Carita Ou updated HIVE-11481:
-----------------------------
    Attachment: HIVE-11481.3.patch

> hive incorrectly set extended ACLs for unnamed group for new databases/tables with inheritPerms
enabled
> -------------------------------------------------------------------------------------------------------
>
>                 Key: HIVE-11481
>                 URL: https://issues.apache.org/jira/browse/HIVE-11481
>             Project: Hive
>          Issue Type: Bug
>          Components: Metastore
>    Affects Versions: 0.14.0, 1.0.0, 1.2.0, 1.1.0, 1.2.1
>            Reporter: Carita Ou
>            Assignee: Carita Ou
>            Priority: Minor
>         Attachments: HIVE-11481.1.patch, HIVE-11481.2.patch, HIVE-11481.3.patch
>
>
> $ hadoop fs -chmod 700 /user/hive/warehouse
> $ hadoop fs -setfacl -m user:user1:rwx /user/hive/warehouse
> $ hadoop fs -setfacl -m default:user::rwx /user/hive/warehouse
> $ hadoop fs -ls /user/hive
> Found 1 items
> drwxrwx---+  - hive hadoop          0 2015-08-05 10:29 /user/hive/warehouse
> $ hadoop fs -getfacl /user/hive/warehouse
> # file: /user/hive/warehouse
> # owner: hive
> # group: hadoop
> user::rwx
> user:user1:rwx
> group::---
> mask::rwx
> other::---
> default:user::rwx
> default:group::---
> default:other::---
> In hive cli> create database testing;
> $ hadoop fs -ls /user/hive/warehouse
> Found 1 items
> drwxrwx---+  - hive hadoop          0 2015-08-05 10:44 /user/hive/warehouse/testing.db
> $hadoop fs -getfacl /user/hive/warehouse/testing.db
> # file: /user/hive/warehouse/testing.db
> # owner: hive
> # group: hadoop
> user::rwx
> user:user1:rwx
> group::rwx
> mask::rwx
> other::---
> default:user::rwx
> default:group::---
> default:other::---
> Since the warehouse directory has default group permission set to ---, the group permissions
for testing.db should also be ---
> The warehouse directory permissions show drwxrwx---+ which corresponds to user:mask:other.
The subdirectory group ACL is set by calling FsPermission.getGroupAction() from Hadoop, which
retrieves the file status permission rwx instead of the actual ACL permission, which is ---.




--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message