Shunichi Otsuka 2013-07-04, 05:27
One setting was missing:
This solves the problem
From: Shunichi Otsuka [mailto:[EMAIL PROTECTED]]
Sent: Thursday, July 04, 2013 2:28 PM
To: [EMAIL PROTECTED]
Subject: metastore security issue
I am trying to setup hive securely doing authorization at the metastore. However there is a problem.
I have relied on hive JIRA HIVE-3705 to decide the configuration which were set as below:
hive.metastore.kerberos.principal hive/[EMAIL PROTECTED]
However this does authorize an unauthorized user to drop a table or database from the metastore as below:
alice> create database db1 location '/user/alice/warehouse/db1.db';
[The permission of db1.db is drwx------ alice:users] However,
bob> drop database db1;
This should not happen, so why is it happening? Is my setting wrong or is it that the code has not covered this case?
If it is that it has not been implemented yet, what measures have you taken to avoid malicious users from dropping other users' database/tables?
Java version is 1.6.0_33
hive version is 0.11