Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-5250 Specify UDF and other code from CLI
  3. HIVE-5400

Allow admins to disable compile and other commands

    XMLWordPrintableJSON

Details

    • Sub-task
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • None
    • 0.13.0
    • None
    • None
    • Hide
      Introduces new hive config parameter -
      hive.security.command.whitelist .
      This can use used to restrict the set of commands that can be run. Currently supported command list is - "set,reset,dfs,add,delete" and by default all these commands are supported. If you want to restrict any of these commands, you can set the config to a value that does not have the command in it.
      Show
      Introduces new hive config parameter - hive.security.command.whitelist . This can use used to restrict the set of commands that can be run. Currently supported command list is - "set,reset,dfs,add,delete" and by default all these commands are supported. If you want to restrict any of these commands, you can set the config to a value that does not have the command in it.

    Description

      From here: https://issues.apache.org/jira/browse/HIVE-5253?focusedCommentId=13782220&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-13782220

      I think we should afford admins who want to disable this functionality the ability to do so. Since such admins might want to disable other commands such as add or dfs, it wouldn't be much trouble to allow them to do this as well. For example we could have a configuration option "hive.available.commands" (or similar) which specified add,set,delete,reset, etc by default. Then check this value in CommandProcessorFactory. It would probably make sense to add this property to the restrict list.

      Attachments

        1. HIVE-5400.patch
          26 kB
          Brock Noland
        2. HIVE-5400.patch
          23 kB
          Brock Noland
        3. HIVE-5400.patch
          7 kB
          Brock Noland

        Issue Links

          is related to

          Improvement - An improvement or enhancement to an existing feature or task. HIVE-5879 Fix spelling errors in hive-default.xml

          • Trivial - Cosmetic problem like misspelt words or misaligned text.
          • Resolved
          relates to

          Sub-task - The sub-task of the issue HIVE-4887 sql standard auth should disable commands that impose security risk

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link Review Board

          Activity

            People

              brocknoland Brock Noland
              brocknoland Brock Noland
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: