Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-11826

'hadoop.proxyuser.hive.groups' configuration doesn't prevent unauthorized user to access metastore

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.0.0
    • Fix Version/s: 1.3.0, 2.0.0
    • Component/s: Metastore
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      With 'hadoop.proxyuser.hive.groups' configured in core-site.xml to certain groups, currently if you run the job with a user not belonging to those groups, it won't fail to access metastore. With old version hive 0.13, actually it fails properly.

      Seems HadoopThriftAuthBridge20S.java correctly call ProxyUsers.authorize() while HadoopThriftAuthBridge23 doesn't.

        Attachments

        1. HIVE-11826.2.patch
          36 kB
          Aihua Xu
        2. HIVE-11826.patch
          0.9 kB
          Aihua Xu

          Issue Links

            Activity

              People

              • Assignee:
                aihuaxu Aihua Xu
                Reporter:
                aihuaxu Aihua Xu
              • Votes:
                1 Vote for this issue
                Watchers:
                6 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: