Thejas M Nair created HIVE-4984: ----------------------------------- Summary: hive metastore should not re-use hadoop proxy configuration Key: HIVE-4984 URL: https://issues.apache.org/jira/browse/HIVE-4984 Project: Hive Issue Type: Bug Components: Metastore Affects Versions: 0.12.0 Reporter: Thejas M Nair
Hive metastore supports proxyuser/doas functionality like hadoop [1]. Metastore allows anybody who has proxyuser privileges in core-site.xml, to be a metastore proxy user. This is a bad from a security perspective, because when a user is made proxy user for hadoop, it gets automatic privilege as proxy user for metastore as well. The more secure approach is to use metastore specific config parameters, like what oozie does. [2] [1] http://hadoop.apache.org/docs/stable/Secure_Impersonation.html [2] http://oozie.apache.org/docs/3.2.0-incubating/AG_Install.html#User_ProxyUser_Configuration -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira