Carita Ou created HIVE-11481:
--------------------------------
Summary: hive incorrectly set extended ACLs for unnamed group for
new databases/tables with inheritPerms enabled
Key: HIVE-11481
URL: https://issues.apache.org/jira/browse/HIVE-11481
Project: Hive
Issue Type: Bug
Components: Metastore
Affects Versions: 1.2.0, 1.0.0, 0.14.0, 1.1.0, 1.2.1
Reporter: Carita Ou
Priority: Minor
$ hadoop fs -chmod 700 /user/hive/warehouse
$ hadoop fs -setfacl -m user:user1:rwx /user/hive/warehouse
$ hadoop fs -setfacl -m default:user::rwx /user/hive/warehouse
$ hadoop fs -ls /user/hive
Found 1 items
drwxrwx---+ - hive hadoop 0 2015-08-05 10:29 /user/hive/warehouse
$ hadoop fs -getfacl /user/hive/warehouse
# file: /user/hive/warehouse
# owner: hive
# group: hadoop
user::rwx
user:user1:rwx
group::---
mask::rwx
other::---
default:user::rwx
default:group::---
default:other::---
In hive cli> create database testing;
$ hadoop fs -ls /user/hive/warehouse
Found 1 items
drwxrwx---+ - hive hadoop 0 2015-08-05 10:44
/user/hive/warehouse/testing.db
$hadoop fs -getfacl /user/hive/warehouse/testing.db
# file: /user/hive/warehouse/testing.db
# owner: hive
# group: hadoop
user::rwx
user:user1:rwx
group::rwx
mask::rwx
other::---
default:user::rwx
default:group::---
default:other::---
Since the warehouse directory has default group permission set to ---, the
group permissions for testing.db should also be ---
The warehouse directory permissions show drwxrwx---+ which corresponds to
user:mask:other. The subdirectory group ACL is set by calling
FsPermission.getGroupAction() from Hadoop, which retrieves the file status
permission rwx instead of the actual ACL permission, which is ---.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
