Thejas M Nair created HIVE-4984:
-----------------------------------

             Summary: hive metastore should not re-use hadoop proxy configuration
                 Key: HIVE-4984
                 URL: https://issues.apache.org/jira/browse/HIVE-4984
             Project: Hive
          Issue Type: Bug
          Components: Metastore
    Affects Versions: 0.12.0
            Reporter: Thejas M Nair


Hive metastore supports proxyuser/doas functionality like hadoop [1].
Metastore allows anybody who has proxyuser privileges in core-site.xml, to be a 
metastore proxy user.

This is bad from a security perspective, because when a user is made a proxy 
user for hadoop, it gets automatic privilege as proxy user for metastore as 
well.

The more secure approach is to use metastore specific config parameters, like 
what oozie does. [2]

[1] http://hadoop.apache.org/docs/stable/Secure_Impersonation.html
[2] http://oozie.apache.org/docs/3.2.0-incubating/AG_Install.html#User_ProxyUser_Configuration


--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
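
The privilege inheritance described in the report above, as an added example that is not part of the original message or of Hive's code. It is a simplified model of a proxyuser check: the hadoop.proxyuser.<user>.hosts/.groups keys are Hadoop's own, while the "hive.metastore.proxyuser." prefix, the host names and the sample configuration are assumptions constructed for illustration.

```python
# Simplified model of a proxyuser authorization check (added illustration).
# hadoop.proxyuser.<user>.hosts / .groups are Hadoop's core-site.xml keys.
# "hive.metastore.proxyuser." is a HYPOTHETICAL prefix, not a real Hive setting.

HADOOP_PREFIX = "hadoop.proxyuser."
METASTORE_PREFIX = "hive.metastore.proxyuser."  # hypothetical, for illustration

# Constructed sample configuration: the merged view a metastore would load.
CONF = {
    "hadoop.proxyuser.oozie.hosts": "oozie01.example.com",
    "hadoop.proxyuser.oozie.groups": "etl",
    "hadoop.proxyuser.hiveserver.hosts": "hs2.example.com",
    "hadoop.proxyuser.hiveserver.groups": "*",
    "hive.metastore.proxyuser.hiveserver.hosts": "hs2.example.com",
    "hive.metastore.proxyuser.hiveserver.groups": "*",
}


def _allowed(conf, key):
    """Comma-separated list as a set; a missing key grants nothing."""
    return {v.strip() for v in conf.get(key, "").split(",") if v.strip()}


def may_impersonate(conf, prefix, proxy_user, client_host, target_groups):
    """True if proxy_user, connecting from client_host, may act for a user
    who belongs to any of target_groups, under the keys with this prefix."""
    hosts = _allowed(conf, f"{prefix}{proxy_user}.hosts")
    groups = _allowed(conf, f"{prefix}{proxy_user}.groups")
    host_ok = "*" in hosts or client_host in hosts
    group_ok = "*" in groups or bool(groups & set(target_groups))
    return host_ok and group_ok


def metastore_check(conf, shared_config, proxy_user, host, groups):
    """shared_config=True models the reported behaviour (metastore reads the
    Hadoop keys); False models a service-specific key namespace."""
    prefix = HADOOP_PREFIX if shared_config else METASTORE_PREFIX
    return may_impersonate(conf, prefix, proxy_user, host, groups)


if __name__ == "__main__":
    cases = (("oozie", "oozie01.example.com"), ("hiveserver", "hs2.example.com"))
    for shared in (True, False):
        for user, host in cases:
            ok = metastore_check(CONF, shared, user, host, ["etl"])
            print(f"shared_config={shared} proxy_user={user} allowed={ok}")
```

With the shared namespace, the oozie entry that was only meant to grant HDFS/MapReduce impersonation also passes the metastore check; with a separate namespace it is denied until an administrator grants it explicitly.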
