You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hive.apache.org by "Thomas Friedrich (JIRA)" <ji...@apache.org> on 2015/09/11 00:15:49 UTC

[jira] [Updated] (HIVE-11481) hive incorrectly set extended ACLs for unnamed group for new databases/tables with inheritPerms enabled

     [ https://issues.apache.org/jira/browse/HIVE-11481?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Thomas Friedrich updated HIVE-11481:
------------------------------------
    Assignee: Carita Ou

> hive incorrectly set extended ACLs for unnamed group for new databases/tables with inheritPerms enabled
> -------------------------------------------------------------------------------------------------------
>
>                 Key: HIVE-11481
>                 URL: https://issues.apache.org/jira/browse/HIVE-11481
>             Project: Hive
>          Issue Type: Bug
>          Components: Metastore
>    Affects Versions: 0.14.0, 1.0.0, 1.2.0, 1.1.0, 1.2.1
>            Reporter: Carita Ou
>            Assignee: Carita Ou
>            Priority: Minor
>
> $ hadoop fs -chmod 700 /user/hive/warehouse
> $ hadoop fs -setfacl -m user:user1:rwx /user/hive/warehouse
> $ hadoop fs -setfacl -m default:user::rwx /user/hive/warehouse
> $ hadoop fs -ls /user/hive
> Found 1 items
> drwxrwx---+  - hive hadoop          0 2015-08-05 10:29 /user/hive/warehouse
> $ hadoop fs -getfacl /user/hive/warehouse
> # file: /user/hive/warehouse
> # owner: hive
> # group: hadoop
> user::rwx
> user:user1:rwx
> group::---
> mask::rwx
> other::---
> default:user::rwx
> default:group::---
> default:other::---
> In hive cli> create database testing;
> $ hadoop fs -ls /user/hive/warehouse
> Found 1 items
> drwxrwx---+  - hive hadoop          0 2015-08-05 10:44 /user/hive/warehouse/testing.db
> $hadoop fs -getfacl /user/hive/warehouse/testing.db
> # file: /user/hive/warehouse/testing.db
> # owner: hive
> # group: hadoop
> user::rwx
> user:user1:rwx
> group::rwx
> mask::rwx
> other::---
> default:user::rwx
> default:group::---
> default:other::---
> Since the warehouse directory has default group permission set to ---, the group permissions for testing.db should also be ---
> The warehouse directory permissions show drwxrwx---+ which corresponds to user:mask:other. The subdirectory group ACL is set by calling FsPermission.getGroupAction() from Hadoop, which retrieves the file status permission rwx instead of the actual ACL permission, which is ---. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)