[ https://issues.apache.org/jira/browse/DRILL-6906?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Sorabh Hamirwasia reassigned DRILL-6906: ---------------------------------------- Assignee: Kunal Khatua (was: Pritesh Maker) > File permissions are not being honored > -------------------------------------- > > Key: DRILL-6906 > URL: https://issues.apache.org/jira/browse/DRILL-6906 > Project: Apache Drill > Issue Type: Bug > Components: Client - JDBC, Client - ODBC > Affects Versions: 1.15.0 > Reporter: Robert Hou > Assignee: Kunal Khatua > Priority: Major > Fix For: 1.15.0 > > > I ran sqlline with user "kuser1". > {noformat} > /opt/mapr/drill/drill-1.15.0.apache/bin/sqlline -u > "jdbc:drill:drillbit=10.10.30.206" -n kuser1 -p mapr > {noformat} > I tried to access a file that is only accessible by root: > {noformat} > [root@perfnode206 drill-test-framework_krystal]# hf -ls > /drill/testdata/impersonation/neg_tc5/student > -rwx------ 3 root root 64612 2018-06-19 10:30 > /drill/testdata/impersonation/neg_tc5/student > {noformat} > I am able to read the table, which should not be possible. I used this > commit for Drill 1.15. > {noformat} > git.commit.id=bf2b414ac62cfc515fdd77f2688bb110073d764d > git.commit.message.full=DRILL-6866\: Upgrade to SqlLine 1.6.0\n\n1. Changed > SqlLine version to 1.6.0.\n2. Overridden new getVersion method in > DrillSqlLineApplication.\n3. Set maxColumnWidth to 80 to avoid issue > described in DRILL-6769.\n4. Changed colorScheme to obsidian.\n5. Output null > value for varchar / char / boolean types as null instead of empty string.\n6. > Changed access modifier from package default to public for JDBC classes that > implement external interfaces to avoid issues when calling methods from these > classes using reflection.\n\ncloses \#1556 > {noformat} > This is from drillbit.log. It shows that user is kuser1. > {noformat} > 2018-12-15 05:00:52,516 [23eb04fb-1701-bea7-dd97-ecda58795b3b:foreman] DEBUG > o.a.d.e.w.f.QueryStateProcessor - 23eb04fb-1701-bea7-dd97-ecda58795b3b: State > change requested PREPARING --> PLANNING > 2018-12-15 05:00:52,531 [23eb04fb-1701-bea7-dd97-ecda58795b3b:foreman] INFO > o.a.drill.exec.work.foreman.Foreman - Query text for query with id > 23eb04fb-1701-bea7-dd97-ecda58795b3b issued by kuser1: select * from > dfs.`/drill/testdata/impersonation/neg_tc5/student` > {noformat} > It is not clear to me if this is a Drill problem or a file system problem. I > tested MFS by logging in as kuser1 and trying to copy the file using "hadoop > fs -copyToLocal /drill/testdata/impersonation/neg_tc5/student" and got an > error, and was not able to copy the file. So I think MFS permissions are > working. > I also tried with Drill 1.14, and I get the expected error: > {noformat} > 0: jdbc:drill:drillbit=10.10.30.206> select * from > dfs.`/drill/testdata/impersonation/neg_tc5/student` limit 1; > Error: VALIDATION ERROR: From line 1, column 15 to line 1, column 17: Object > '/drill/testdata/impersonation/neg_tc5/student' not found within 'dfs' > [Error Id: cdf18c2a-b005-4f92-b819-d4324e8807d9 on > perfnode206.perf.lab:31010] (state=,code=0) > {noformat} > The commit for Drill 1.14 is: > {noformat} > git.commit.message.full=[maven-release-plugin] prepare release drill-1.14.0\n > git.commit.id=0508a128853ce796ca7e99e13008e49442f83147 > {noformat} > This problem exists with both Apache JDBC and Simba ODBC. > Here is drill-distrib.conf. drill-override.conf is empty. It is the same > for both 1.14 and 1.15. > {noformat} > drill.exec: { > cluster-id: "secure206-drillbits", > zk.connect: > "perfnode206.perf.lab:5181,perfnode207.perf.lab:5181,perfnode208.perf.lab:5181", > rpc.user.client.threads: "4", > options.store.parquet.block-size: "268435456", > sys.store.provider.zk.blobroot: "maprfs:///apps/drill", > spill.directories: [ "/tmp/drill/spill" ], > spill.fs: "maprfs:///", > storage.action_on_plugins_override_file: "rename" > zk.apply_secure_acl: true, > impersonation.enabled: true, > impersonation.max_chained_user_hops: 3, > options.exec.impersonation.inbound_policies: > "[{proxy_principals:{users:[\"mapr\"]},target_principals:{users:[\"*\"]}}]", > security.auth.mechanisms: ["PLAIN", "KERBEROS"], > security.auth.principal : "mapr/maprs...@qa.lab", > security.auth.keytab : "/etc/drill/mapr_maprsasl.keytab", > security.user.auth.enabled: true, > security.user.auth.packages += "org.apache.drill.exec.rpc.user.security", > security.user.auth.impl: "pam4j", > security.user.auth.pam_profiles: ["sudo", "login"], > http.ssl_enabled: true, > ssl.useHadoopConfig: true, > http.auth.mechanisms: ["FORM", "SPNEGO"], > http.auth.spnego.principal: "HTTP/perfnode206.perf....@qa.lab", > http.auth.spnego.keytab: "/etc/drill_spnego/perfnode206.keytab" > } > {noformat} -- This message was sent by Atlassian JIRA (v7.6.3#76005)