Home | About | Sematext search-lucene.com search-hadoop.com
 Search Hadoop and all its subprojects:

Switch to Threaded View
Hive >> mail # user >> Is there a way to disable  -h <hostname> option ?


Copy link to this message
-
Is there a way to disable  -h <hostname> option ?
Hive version 0.9.0 (hive-common-0.9.0-cdh4.1.2.jar)

Is there a way to disable  -h <hostname> option ?

This way , I can disable anyone on the network drop/alter tables.

Like I said below , even if I create a ROLE with only SELECT permission , a user on the network can DROP tables with a -h <hostname> option

Thanks

Sanjay

From: Sanjay Subramanian <[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>>
Reply-To: "[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>" <[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>>
Date: Thursday, August 1, 2013 6:37 PM
To: "[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>" <[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>>
Subject: Hive Authorization is bypassed with -h option

Hi

Hive version 0.9.0 (hive-common-0.9.0-cdh4.1.2.jar)
<property>
  <name>hive.security.authorization.enabled</name>
  <value>true</value>
  <description>enable or disable the hive client authorization</description>
</property>

Linux User = hiveuser1 (no hive permissions)

CASE 1
hive -e "select * from outpdir_ptitle_explanation_parsed limit 10"
Authorization failed:No privilege 'Select' found for inputs { database:default, table:outpdir_ptitle_explanation_parsed, columnName:header_servername}. Use show grant to get more details.

CASE 2 (use the -h option)
hive -h localhost -e "select * from outpdir_ptitle_explanation_parsed limit 10"
Shows results !!!

Why does "-h" option bypass authorization

Thanks

sanjay
CONFIDENTIALITY NOTICE
=====================This email message and any attachments are for the exclusive use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message along with any attachments, from your computer system. If you are the intended recipient, please be advised that the content of this message is subject to access, review and disclosure by the sender's Email System Administrator.

CONFIDENTIALITY NOTICE
=====================This email message and any attachments are for the exclusive use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply email and destroy all copies of the original message along with any attachments, from your computer system. If you are the intended recipient, please be advised that the content of this message is subject to access, review and disclosure by the sender's Email System Administrator.