You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hive.apache.org by "Thomas Friedrich (JIRA)" <ji...@apache.org> on 2015/09/11 00:15:49 UTC
[jira] [Updated] (HIVE-11481) hive incorrectly set extended ACLs
for unnamed group for new databases/tables with inheritPerms enabled
[ https://issues.apache.org/jira/browse/HIVE-11481?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Thomas Friedrich updated HIVE-11481:
------------------------------------
Assignee: Carita Ou
> hive incorrectly set extended ACLs for unnamed group for new databases/tables with inheritPerms enabled
> -------------------------------------------------------------------------------------------------------
>
> Key: HIVE-11481
> URL: https://issues.apache.org/jira/browse/HIVE-11481
> Project: Hive
> Issue Type: Bug
> Components: Metastore
> Affects Versions: 0.14.0, 1.0.0, 1.2.0, 1.1.0, 1.2.1
> Reporter: Carita Ou
> Assignee: Carita Ou
> Priority: Minor
>
> $ hadoop fs -chmod 700 /user/hive/warehouse
> $ hadoop fs -setfacl -m user:user1:rwx /user/hive/warehouse
> $ hadoop fs -setfacl -m default:user::rwx /user/hive/warehouse
> $ hadoop fs -ls /user/hive
> Found 1 items
> drwxrwx---+ - hive hadoop 0 2015-08-05 10:29 /user/hive/warehouse
> $ hadoop fs -getfacl /user/hive/warehouse
> # file: /user/hive/warehouse
> # owner: hive
> # group: hadoop
> user::rwx
> user:user1:rwx
> group::---
> mask::rwx
> other::---
> default:user::rwx
> default:group::---
> default:other::---
> In hive cli> create database testing;
> $ hadoop fs -ls /user/hive/warehouse
> Found 1 items
> drwxrwx---+ - hive hadoop 0 2015-08-05 10:44 /user/hive/warehouse/testing.db
> $hadoop fs -getfacl /user/hive/warehouse/testing.db
> # file: /user/hive/warehouse/testing.db
> # owner: hive
> # group: hadoop
> user::rwx
> user:user1:rwx
> group::rwx
> mask::rwx
> other::---
> default:user::rwx
> default:group::---
> default:other::---
> Since the warehouse directory has default group permission set to ---, the group permissions for testing.db should also be ---
> The warehouse directory permissions show drwxrwx---+ which corresponds to user:mask:other. The subdirectory group ACL is set by calling FsPermission.getGroupAction() from Hadoop, which retrieves the file status permission rwx instead of the actual ACL permission, which is ---.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)