Posted to dev@hive.apache.org by "Jason Dere (JIRA)" <ji...@apache.org> on 2014/08/01 02:27:38 UTC

[jira] [Commented] (HIVE-7583) Use FileSystem.access() if available to check file access for user

    [ https://issues.apache.org/jira/browse/HIVE-7583?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14081733#comment-14081733 ] 

Jason Dere commented on HIVE-7583:
----------------------------------

If using FileSystem.access() to check file access for a user other than the current user, the current user will need to impersonate the user using doAs(). [~thejas] has also pointed out that the file checks done in standard SQL authorization should also have been doing doAs() for the checks they are doing, but currently do not. Will also address this issue here.

> Use FileSystem.access() if available to check file access for user
> ------------------------------------------------------------------
>
>                 Key: HIVE-7583
>                 URL: https://issues.apache.org/jira/browse/HIVE-7583
>             Project: Hive
>          Issue Type: Bug
>            Reporter: Jason Dere
>            Assignee: Jason Dere
>
> Hive currently implements its own file access checks to determine if a user is allowed to perform a specified action on a file path (in StorageBasedAuthorizationProvider, also FileUtils). This can be prone to errors or inconsistencies with how file access is actually checked in Hadoop.
> HDFS-6570 adds a new FileSystem.access() API, so that we can perform the check using the actual HDFS logic rather than having to imitate that behavior in Hive. For versions of Hadoop that have this API available, we should use this API.



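The impersonated check discussed in this thread, as an added example that is not part of the original message and is not Hive's own code. The class and method names are hypothetical; it assumes the code is compiled against a Hadoop release that includes HDFS-6570 and that the login user is permitted to proxy for the target user.

```java
import java.io.IOException;
import java.security.PrivilegedExceptionAction;

import org.apache.hadoop.conf.Configuration;
import org.apache.hadoop.fs.FileSystem;
import org.apache.hadoop.fs.Path;
import org.apache.hadoop.fs.permission.FsAction;
import org.apache.hadoop.security.AccessControlException;
import org.apache.hadoop.security.UserGroupInformation;

// Added illustration; AccessCheckExample and its methods are hypothetical names.
public class AccessCheckExample {

  /** True if the Hadoop jars on the classpath provide FileSystem.access(). */
  static boolean hasAccessApi() {
    try {
      FileSystem.class.getMethod("access", Path.class, FsAction.class);
      return true;
    } catch (NoSuchMethodException e) {
      return false; // older Hadoop: caller must fall back to its own check
    }
  }

  /** Asks the file system itself whether 'user' may perform 'action' on 'path'. */
  static boolean userCan(final Configuration conf, String user,
                         final Path path, final FsAction action)
      throws IOException, InterruptedException {
    if (!hasAccessApi()) {
      throw new UnsupportedOperationException("FileSystem.access() not available");
    }
    // access() evaluates the calling user, so a check on behalf of another
    // user has to run inside doAs() as a proxy for that user.
    UserGroupInformation proxy =
        UserGroupInformation.createProxyUser(user, UserGroupInformation.getLoginUser());
    return proxy.doAs(new PrivilegedExceptionAction<Boolean>() {
      @Override
      public Boolean run() throws IOException {
        // Obtain the FileSystem inside doAs() so it is bound to the proxy user.
        FileSystem fs = path.getFileSystem(conf);
        try {
          fs.access(path, action); // returns normally when access is allowed
          return true;
        } catch (AccessControlException denied) {
          return false; // denied; a missing path still propagates as an exception
        }
      }
    });
  }
}
```

Treating only AccessControlException as a deny keeps FileNotFoundException and other I/O failures visible to the caller, so an unreachable or missing path is never mistaken for a permission decision.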