Details

    • Type: Sub-task Sub-task
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.13.0
    • Component/s: None
    • Labels:
      None
    • Release Note:
      Hide
      Introduces new hive config parameter -
      hive.security.command.whitelist .
      This can use used to restrict the set of commands that can be run. Currently supported command list is - "set,reset,dfs,add,delete" and by default all these commands are supported. If you want to restrict any of these commands, you can set the config to a value that does not have the command in it.
      Show
      Introduces new hive config parameter - hive.security.command.whitelist . This can use used to restrict the set of commands that can be run. Currently supported command list is - "set,reset,dfs,add,delete" and by default all these commands are supported. If you want to restrict any of these commands, you can set the config to a value that does not have the command in it.

      Description

      From here: https://issues.apache.org/jira/browse/HIVE-5253?focusedCommentId=13782220&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13782220

      I think we should afford admins who want to disable this functionality the ability to do so. Since such admins might want to disable other commands such as add or dfs, it wouldn't be much trouble to allow them to do this as well. For example we could have a configuration option "hive.available.commands" (or similar) which specified add,set,delete,reset, etc by default. Then check this value in CommandProcessorFactory. It would probably make sense to add this property to the restrict list.

      1. HIVE-5400.patch
        26 kB
        Brock Noland
      2. HIVE-5400.patch
        23 kB
        Brock Noland
      3. HIVE-5400.patch
        7 kB
        Brock Noland

        Issue Links

          Activity

          Brock Noland created issue -
          Edward Capriolo made changes -
          Field Original Value New Value
          Assignee Edward Capriolo [ appodictic ]
          Brock Noland made changes -
          Attachment HIVE-5400.patch [ 12606178 ]
          Brock Noland made changes -
          Status Open [ 1 ] Patch Available [ 10002 ]
          Brock Noland made changes -
          Status Patch Available [ 10002 ] Open [ 1 ]
          Brock Noland made changes -
          Attachment HIVE-5400.patch [ 12606401 ]
          Brock Noland made changes -
          Remote Link This issue links to "Review Board (Web Link)" [ 12901 ]
          Brock Noland made changes -
          Status Open [ 1 ] Patch Available [ 10002 ]
          Brock Noland made changes -
          Attachment HIVE-5400.patch [ 12606456 ]
          Edward Capriolo made changes -
          Assignee Edward Capriolo [ appodictic ] Brock Noland [ brocknoland ]
          Fix Version/s 0.13.0 [ 12324986 ]
          Edward Capriolo made changes -
          Status Patch Available [ 10002 ] Resolved [ 5 ]
          Resolution Fixed [ 1 ]
          Thejas M Nair made changes -
          Release Note Introduces new hive config parameter -
          hive.security.command.whitelist .
          This can use used to restrict the set of commands that can be run. Currently supported command list is - "set,reset,dfs,add,delete" and by default all these commands are supported. If you want to restrict any of these commands, you can set the config to a value that does not have the command in it.
          Thejas M Nair made changes -
          Link This issue relates to HIVE-4887 [ HIVE-4887 ]
          Brock Noland made changes -
          Link This issue is related to HIVE-5879 [ HIVE-5879 ]

            People

            • Assignee:
              Brock Noland
              Reporter:
              Brock Noland
            • Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development