Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id AB759200C6E for ; Mon, 24 Apr 2017 06:13:07 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id AA0AC160BB1; Mon, 24 Apr 2017 04:13:07 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id F26BC160BA6 for ; Mon, 24 Apr 2017 06:13:06 +0200 (CEST) Received: (qmail 79654 invoked by uid 500); 24 Apr 2017 04:13:06 -0000 Mailing-List: contact issues-help@hive.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@hive.apache.org Delivered-To: mailing list issues@hive.apache.org Received: (qmail 79645 invoked by uid 99); 24 Apr 2017 04:13:06 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 24 Apr 2017 04:13:06 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id CAC10C0C0A for ; Mon, 24 Apr 2017 04:13:05 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -99.202 X-Spam-Level: X-Spam-Status: No, score=-99.202 tagged_above=-999 required=6.31 tests=[KAM_ASCII_DIVIDERS=0.8, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=disabled Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id v1Ncq7Bgh4H8 for ; Mon, 24 Apr 2017 04:13:05 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTP id 057075FB95 for ; Mon, 24 Apr 2017 04:13:05 +0000 (UTC) Received: from jira-lw-us.apache.org (unknown [207.244.88.139]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 7ABF7E0BD5 for ; Mon, 24 Apr 2017 04:13:04 +0000 (UTC) Received: from jira-lw-us.apache.org (localhost [127.0.0.1]) by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 10C7121B54 for ; Mon, 24 Apr 2017 04:13:04 +0000 (UTC) Date: Mon, 24 Apr 2017 04:13:04 +0000 (UTC) From: "Thejas M Nair (JIRA)" To: issues@hive.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Updated] (HIVE-16497) FileUtils. isActionPermittedForFileHierarchy, isOwnerOfFileHierarchy file system operations should be impersonated MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Mon, 24 Apr 2017 04:13:07 -0000 [ https://issues.apache.org/jira/browse/HIVE-16497?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Thejas M Nair updated HIVE-16497: --------------------------------- Attachment: HIVE-16497.2.patch Fixing the test failures. > FileUtils. isActionPermittedForFileHierarchy, isOwnerOfFileHierarchy file system operations should be impersonated > ------------------------------------------------------------------------------------------------------------------ > > Key: HIVE-16497 > URL: https://issues.apache.org/jira/browse/HIVE-16497 > Project: Hive > Issue Type: Bug > Components: Authorization > Reporter: Thejas M Nair > Assignee: Thejas M Nair > Fix For: 3.0.0 > > Attachments: HIVE-16497.1.patch, HIVE-16497.2.patch > > > FileUtils.isActionPermittedForFileHierarchy checks if user has permissions for given action. The checks are made by impersonating the user. > However, the listing of child dirs are done as the hiveserver2 user. If the hive user doesn't have permissions on the filesystem, it gives incorrect error that the user doesn't have permissions to perform the action. > Impersonating the end user for all file operations in that function is also logically correct thing to do. -- This message was sent by Atlassian JIRA (v6.3.15#6346)