Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-11826

'hadoop.proxyuser.hive.groups' configuration doesn't prevent unauthorized user to access metastore

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 2.0.0
    • 1.3.0, 2.0.0
    • Metastore
    • None
    • Reviewed

    Description

      With 'hadoop.proxyuser.hive.groups' configured in core-site.xml to certain groups, currently if you run the job with a user not belonging to those groups, it won't fail to access metastore. With old version hive 0.13, actually it fails properly.

      Seems HadoopThriftAuthBridge20S.java correctly call ProxyUsers.authorize() while HadoopThriftAuthBridge23 doesn't.

      Attachments

        1. HIVE-11826.patch
          0.9 kB
          Aihua Xu
        2. HIVE-11826.2.patch
          36 kB
          Aihua Xu

        Issue Links

          breaks

          Bug - A problem which impairs or prevents the functions of the product. HIVE-12688 HIVE-11826 makes hive unusable in properly secured cluster

          • Blocker - Blocks development and/or testing work, production could not run
          • Closed

          Activity

            People

              aihuaxu Aihua Xu
              aihuaxu Aihua Xu
              Votes:
              1 Vote for this issue
              Watchers:
              6 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: