[jira] [Commented] (HIVE-23339) SBA does not check permissions for DB location specified in Create database query

[Hive QA (Jira)]

    [ 
https://issues.apache.org/jira/browse/HIVE-23339?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17104267#comment-17104267
 ] 

Hive QA commented on HIVE-23339:
--------------------------------



Here are the results of testing the latest attachment:
https://issues.apache.org/jira/secure/attachment/13002598/HIVE-23339.01.patch

{color:green}SUCCESS:{color} +1 due to 1 test(s) being added or modified.

{color:green}SUCCESS:{color} +1 due to 17254 tests passed

Test results: 
https://builds.apache.org/job/PreCommit-HIVE-Build/22260/testReport
Console output: https://builds.apache.org/job/PreCommit-HIVE-Build/22260/console
Test logs: http://104.198.109.242/logs/PreCommit-HIVE-Build-22260/

Messages:
{noformat}
Executing org.apache.hive.ptest.execution.TestCheckPhase
Executing org.apache.hive.ptest.execution.PrepPhase
Executing org.apache.hive.ptest.execution.YetusPhase
Executing org.apache.hive.ptest.execution.ExecutionPhase
Executing org.apache.hive.ptest.execution.ReportingPhase
{noformat}

This message is automatically generated.

ATTACHMENT ID: 13002598 - PreCommit-HIVE-Build

> SBA does not check permissions for DB location specified in Create database 
> query
> ---------------------------------------------------------------------------------
>
>                 Key: HIVE-23339
>                 URL: https://issues.apache.org/jira/browse/HIVE-23339
>             Project: Hive
>          Issue Type: Bug
>          Components: Hive
>    Affects Versions: 3.1.0
>            Reporter: Riju Trivedi
>            Assignee: Shubham Chaurasia
>            Priority: Critical
>              Labels: pull-request-available
>         Attachments: HIVE-23339.01.patch
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> With doAs=true and StorageBasedAuthorization provider, create database with 
> specific location succeeds even if user doesn't have access to that path.
>  
> {code:java}
>   hadoop fs -ls -d /tmp/cannot_write
>  drwx------ - hive hadoop 0 2020-04-01 22:53 /tmp/cannot_write
> create a database under /tmp/cannot_write. We would expect it to fail, but is 
> actually created successfully with "hive" as the owner:
> rtrivedi@bdp01:~> beeline -e "create database rtrivedi_1 location 
> '/tmp/cannot_write/rtrivedi_1'"
>  INFO : OK
>  No rows affected (0.116 seconds)
> hive@hpchdd2e:~> hadoop fs -ls /tmp/cannot_write
>  Found 1 items
>  drwx------ - hive hadoop 0 2020-04-01 23:05 /tmp/cannot_write/rtrivedi_1
> {code}
>  



--
This message was sent by Atlassian Jira
(v8.3.4#803005)