[jira] [Commented] (HIVE-11029) hadoop.proxyuser.mapr.groups does not work to restrict the groups that can be impersonated

Na Yang (JIRA) Thu, 18 Jun 2015 10:25:16 -0700

    [ 
https://issues.apache.org/jira/browse/HIVE-11029?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14592141#comment-14592141
 ]


Na Yang commented on HIVE-11029:
--------------------------------

[~xuefuz], that is correct. The problem happens on unsecured cluster. Thanks.

> hadoop.proxyuser.mapr.groups does not work to restrict the groups that can be 
> impersonated
> ------------------------------------------------------------------------------------------
>
>                 Key: HIVE-11029
>                 URL: https://issues.apache.org/jira/browse/HIVE-11029
>             Project: Hive
>          Issue Type: Bug
>          Components: HiveServer2
>    Affects Versions: 0.13.0, 0.14.0, 1.0.0, 1.2.0
>            Reporter: Na Yang
>            Assignee: Na Yang
>         Attachments: HIVE-11029.patch
>
>
> In the core-site.xml, the hadoop.proxyuser.<user>.groups specifies the user 
> groups which can be impersonated by the HS2 <user>. However, this does not 
> work properly in Hive. 
> In my core-site.xml, I have the following configs:
> <property>
>   <name>hadoop.proxyuser.mapr.hosts</name>
>   <value>*</value>
> </property>
> <property>
>   <name>hadoop.proxyuser.mapr.groups</name>
>   <value>root</value>
> </property>
> I would expect with this configuration that 'mapr' can impersonate only 
> members of the Unix group 'root'. However if I submit a query as user 'jon' 
> the query is running as user 'jon' even though 'mapr' should not be able to 
> impersonate this user. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Commented] (HIVE-11029) hadoop.proxyuser.mapr.groups does not work to restrict the groups that can be impersonated

Reply via email to