[HIVE-12688] HIVE-11826 makes hive unusable in properly secured cluster - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Blocker
Resolution: Fixed
Affects Version/s: 1.3.0, 2.0.0
Fix Version/s: 2.0.0
Component/s: None
Labels:
None

Target Version/s:

1.3.0, 2.0.0

Description

~~HIVE-11826~~ makes a change to restrict connections to metastore to users who belong to groups under 'hadoop.proxyuser.hive.groups'.
That property was only a meant to be a hadoop property, which controls what users the hive user can impersonate. What this change is doing is to enable use of that to also restrict who can connect to metastore server. This is new functionality, not a bug fix. There is value to this functionality.

However, this change makes hive unusable in a properly secured cluster. If 'hadoop.proxyuser.hive.hosts' is set to the proper set of hosts that run Metastore and Hiveserver2 (instead of a very open "*"), then users will be able to connect to metastore only from those hosts.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HIVE-12688.1.patch
16/Dec/15 06:05
2 kB
Thejas Nair

Issue Links

is broken by

HIVE-11826 'hadoop.proxyuser.hive.groups' configuration doesn't prevent unauthorized user to access metastore

Closed

Activity

People

Assignee:: Thejas Nair

Reporter:: Thejas Nair

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 16/Dec/15 05:34

Updated:: 02/Jun/16 10:17

Resolved:: 18/Dec/15 00:00