Impersonation using the default dfs configuration is not supported? The documentation for Impersonation Support says that File System is a supported Storage Plugin, and that only HBase is not supported. If this is true, do you know if there is a Jira ticket to add this feature?
Scott On Thu, Jun 30, 2016 at 4:58 PM, Chun Chang <cch...@maprtech.com> wrote: > Impersonation against local file system is not supported. If you are > running against hdfs, please take a look at drillbit.log or post relevant > part here. > > On Thu, Jun 30, 2016 at 8:12 AM, scott <tcots8...@gmail.com> wrote: > > > Hi, > > I am having trouble getting Impersonation to work. Using Drill 1.7, I > have > > a drill user, user1, and user2. Drill is started as the drill user. I am > > testing impersonation on the local file system dfs default storage plugin > > on a linux server. I have setup some files that are owned by user1 and > > user2 with 600 permissions, and am using the sqlline tool to test access. > > However, I am not able to access either file logged in as user1 or user2. > > Only when I change permissions so that the drill user can read am I able > to > > access either file. I have confirmed that impersonation is enabled using > > the following: > > > > select * from sys.boot where name like '%impersonation%'; > > > > > +-------------------------------------------------+----------+-------+---------+----------+-------------+-----------+------------+ > > | name | kind | type | > > status | num_val | string_val | bool_val | float_val | > > > > > +-------------------------------------------------+----------+-------+---------+----------+-------------+-----------+------------+ > > | drill.exec.impersonation.enabled | BOOLEAN | BOOT | > > BOOT | null | null | true | null | > > | drill.exec.impersonation.max_chained_user_hops | LONG | BOOT | > > BOOT | 2 | null | null | null | > > > > > +-------------------------------------------------+----------+-------+---------+----------+-------------+-----------+------------+ > > > > My override conf is: > > drill.exec: { > > cluster-id: "mydrillbits", > > zk: { > > connect: "10.80.22.238:2181", > > root: "drill", > > refresh: 500, > > timeout: 5000, > > retry: { > > count: 7200, > > delay: 500 > > } > > }, > > http: { > > enabled: true, > > ssl_enabled: true, > > port: 8047 > > }, > > impersonation: { > > enabled: true, > > max_chained_user_hops: 2 > > }, > > security.user.auth { > > enabled: true, > > packages += "org.apache.drill.exec.rpc.user.security", > > impl: "pam", > > pam_profiles: [ "sudo", "login" ] > > } > > } > > > > > > Has anyone had similar problems, or am I misunderstanding how user > > impersonation works? > > > > Thanks for your time, > > Scott > > >