Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-5250 Specify UDF and other code from CLI
  3. HIVE-5400

Allow admins to disable compile and other commands

Log workAgile BoardRank to TopRank to BottomBulk Copy AttachmentsBulk Move AttachmentsVotersWatch issueWatchersConvert to IssueMoveLinkCloneLabelsUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 0.13.0
    • None
    • None
    • Hide
      Introduces new hive config parameter -
      hive.security.command.whitelist .
      This can use used to restrict the set of commands that can be run. Currently supported command list is - "set,reset,dfs,add,delete" and by default all these commands are supported. If you want to restrict any of these commands, you can set the config to a value that does not have the command in it.
      Show
      Introduces new hive config parameter - hive.security.command.whitelist . This can use used to restrict the set of commands that can be run. Currently supported command list is - "set,reset,dfs,add,delete" and by default all these commands are supported. If you want to restrict any of these commands, you can set the config to a value that does not have the command in it.

    Description

      From here: https://issues.apache.org/jira/browse/HIVE-5253?focusedCommentId=13782220&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13782220

      I think we should afford admins who want to disable this functionality the ability to do so. Since such admins might want to disable other commands such as add or dfs, it wouldn't be much trouble to allow them to do this as well. For example we could have a configuration option "hive.available.commands" (or similar) which specified add,set,delete,reset, etc by default. Then check this value in CommandProcessorFactory. It would probably make sense to add this property to the restrict list.

      Attachments

        1. HIVE-5400.patch
          26 kB
          Brock Noland
        2. HIVE-5400.patch
          23 kB
          Brock Noland
        3. HIVE-5400.patch
          7 kB
          Brock Noland

        Issue Links

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            brocknoland Brock Noland Assign to me
            brocknoland Brock Noland
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment