Details

    • Type: Sub-task Sub-task
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.13.0
    • Component/s: None
    • Labels:
      None
    • Release Note:
      Hide
      Introduces new hive config parameter -
      hive.security.command.whitelist .
      This can use used to restrict the set of commands that can be run. Currently supported command list is - "set,reset,dfs,add,delete" and by default all these commands are supported. If you want to restrict any of these commands, you can set the config to a value that does not have the command in it.
      Show
      Introduces new hive config parameter - hive.security.command.whitelist . This can use used to restrict the set of commands that can be run. Currently supported command list is - "set,reset,dfs,add,delete" and by default all these commands are supported. If you want to restrict any of these commands, you can set the config to a value that does not have the command in it.

      Description

      From here: https://issues.apache.org/jira/browse/HIVE-5253?focusedCommentId=13782220&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13782220

      I think we should afford admins who want to disable this functionality the ability to do so. Since such admins might want to disable other commands such as add or dfs, it wouldn't be much trouble to allow them to do this as well. For example we could have a configuration option "hive.available.commands" (or similar) which specified add,set,delete,reset, etc by default. Then check this value in CommandProcessorFactory. It would probably make sense to add this property to the restrict list.

      1. HIVE-5400.patch
        26 kB
        Brock Noland
      2. HIVE-5400.patch
        23 kB
        Brock Noland
      3. HIVE-5400.patch
        7 kB
        Brock Noland

        Issue Links

          Activity

          No work has yet been logged on this issue.

            People

            • Assignee:
              Brock Noland
              Reporter:
              Brock Noland
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development