Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-11481

hive incorrectly set extended ACLs for unnamed group for new databases/tables with inheritPerms enabled

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Duplicate
    • Affects Version/s: 0.14.0, 1.0.0, 1.2.0, 1.1.0, 1.2.1
    • Fix Version/s: None
    • Component/s: Metastore
    • Labels:
      None

      Description

      $ hadoop fs -chmod 700 /user/hive/warehouse
      $ hadoop fs -setfacl -m user:user1:rwx /user/hive/warehouse
      $ hadoop fs -setfacl -m default:user::rwx /user/hive/warehouse

      $ hadoop fs -ls /user/hive
      Found 1 items
      drwxrwx---+ - hive hadoop 0 2015-08-05 10:29 /user/hive/warehouse
      $ hadoop fs -getfacl /user/hive/warehouse

      1. file: /user/hive/warehouse
      2. owner: hive
      3. group: hadoop
        user::rwx
        user:user1:rwx
        group::---
        mask::rwx
        other::---
        default:user::rwx
        default:group::---
        default:other::---

      In hive cli> create database testing;

      $ hadoop fs -ls /user/hive/warehouse
      Found 1 items
      drwxrwx---+ - hive hadoop 0 2015-08-05 10:44 /user/hive/warehouse/testing.db
      $hadoop fs -getfacl /user/hive/warehouse/testing.db

      1. file: /user/hive/warehouse/testing.db
      2. owner: hive
      3. group: hadoop
        user::rwx
        user:user1:rwx
        group::rwx
        mask::rwx
        other::---
        default:user::rwx
        default:group::---
        default:other::---

      Since the warehouse directory has default group permission set to ---, the group permissions for testing.db should also be —

      The warehouse directory permissions show drwxrwx---+ which corresponds to user:mask:other. The subdirectory group ACL is set by calling FsPermission.getGroupAction() from Hadoop, which retrieves the file status permission rwx instead of the actual ACL permission, which is ---.

        Attachments

        1. HIVE-11481.3.patch
          14 kB
          Carita Ou
        2. HIVE-11481.2.patch
          10 kB
          Carita Ou
        3. HIVE-11481.1.patch
          3 kB
          Carita Ou

          Issue Links

            Activity

              People

              • Assignee:
                caritaou Carita Ou
                Reporter:
                caritaou Carita Ou
              • Votes:
                0 Vote for this issue
                Watchers:
                5 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: