You are viewing a plain text version of this content. The canonical link for it is here.
Posted to user@drill.apache.org by Christopher Matta <ch...@mapr.com> on 2016/05/03 17:04:19 UTC

Drill impersonation not respecting secondary group on view

Drill doesn’t seem to be respecting secondary group ownership with regards
to a view, this view is owned by the analysts group:

[mapr@ip-172-16-1-219 data]$ ls -l users_ssns.view.drill
-rwxr-x--- 1 mapr analysts 1020 May  3 13:54 users_ssns.view.drill

My user is a member of the analysts group (secondary):

[cmatta@ip-172-16-1-219 ~]$ id
uid=502(cmatta) gid=5002(cmatta) groups=5002(cmatta),5604(analysts)

But I can’t select the view:

[cmatta@ip-172-16-1-219 ~]$ sqlline -u jdbc:drill: -n cmatta <<<
"select * from dfs.data.users_ssns limit 5;"
OpenJDK 64-Bit Server VM warning: ignoring option MaxPermSize=512M;
support was removed in 8.0
apache drill 1.6.0
"this isn't your grandfather's sql"
0: jdbc:drill:> select * from dfs.data.users_ssns limit 5;
Error: VALIDATION ERROR: From line 1, column 15 to line 1, column 17:
Table 'dfs.data.users_ssns' not found

SQL Query null

[Error Id: 4a275ad7-b1bf-42d5-ac51-530e5302a30a on
ip-172-16-1-220.ec2.internal:31010] (state=,code=0)

However, if I change the group ownership to my users’s primary group:

[mapr@ip-172-16-1-219 data]$ chown mapr:cmatta users_ssns.view.drill
[mapr@ip-172-16-1-219 data]$ ls -l users_ssns.view.drill
-rwxr-x--- 1 mapr cmatta 1020 May  3 13:54 users_ssns.view.drill

It works:

[cmatta@ip-172-16-1-219 ~]$ sqlline -u jdbc:drill: -n cmatta <<<
"select * from dfs.data.users_ssns limit 5;"
OpenJDK 64-Bit Server VM warning: ignoring option MaxPermSize=512M;
support was removed in 8.0
apache drill 1.6.0
"a drill is a terrible thing to waste"
0: jdbc:drill:> select * from dfs.data.users_ssns limit 5;
+-----+-------------------+---------+----------+--------------+--------------------+
| id  |       name        | gender  | zipcode  |  masked_ssn  |
ssn_issuing_state  |
+-----+-------------------+---------+----------+--------------+--------------------+
| 5   | Lillian Aaron     | FEMALE  | 30582    | 000-03-5398  | MO
            |
| 31  | Sherri Owens      | FEMALE  | 43162    | 000-79-9530  | AZ
            |
| 33  | George Villatoro  | MALE    | 36870    | 000-47-5807  | TX
            |
| 36  | Sandra Heidrick   | FEMALE  | 54960    | 000-42-4139  | OK
            |
| 39  | Larry Adkins      | FEMALE  | 40475    | 000-24-6091  | MS
            |
+-----+-------------------+---------+----------+--------------+--------------------+
5 rows selected (0.368 seconds)

Can anyone confirm if I’m doing this right, and if so, is this a bug?

—
Chris Matta
215-701-3146
chris@mapr.com
​