drill-user mailing list archives

From John Omernik <j...@omernik.com>
Subject Re: user impersonation bypass
Date Tue, 16 Aug 2016 12:41:31 GMT
I would agree with Chun on this.  Ensure your configurations for all nodes
are the same, this is important, and I have been bitten by that before in
that I thought all nodes were the same, but I had missed updating one of
them. (This goes for versions/upgrades too; I had a friend who upgraded
only part of his cluster and everything worked until it didn't... lots of
weird issues started to crop up.)

If you validate the config and versions on all bits, please let us know
more details so people can replicate. I.e., what version of Drill is on all
drillbits? Can you share the config files you are using? How are you
connecting (SQLLine, ODBC, JDBC, etc.)? This is an issue I am sure people
will take very seriously, we just want to ensure all the i's are dotted and
t's are crossed.

Thanks!

John Omernik


On Mon, Aug 15, 2016 at 4:38 PM, Chun Chang <cchang@maprtech.com> wrote:

> Scott,
>
> Make sure you have impersonation enabled on every cluster node (drillbit).
> Specifically, check the configuration on the drillbit you connected to
> directly. In theory, connecting through ZK or direct should have no effect
> on impersonation.
>
> On Mon, Aug 15, 2016 at 1:31 PM, scott <tcots8888@gmail.com> wrote:
>
> > Hello,
> > I think I have discovered a bug, but I wanted to run this by the
> > community first. I was testing user impersonation on a MapR cluster in
> > cluster mode. I put in the ZK connect string and it works fine. The
> > permissions limit access as I would expect. Then, I tested a direct
> > connection to one of the drillbits using port 31010 with the same login
> > credentials. This time, I had full access to everything in maprfs, as if
> > I were logged in as the mapr user.
> > Has anyone else experienced this or has an explanation for it?
> >
> > Thanks,
> > Scott
> >
>
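
The check both replies ask for (impersonation enabled on every drillbit, identical settings on all nodes), as an added Python example that is not part of the original thread or the Drill project. It assumes the switch is `drill.exec.impersonation.enabled` in each node's drill-override.conf and treats it as off when absent; the node names and config text are constructed, and the parser covers only the HOCON subset shown (nested blocks, dotted keys, comment lines).

```python
import re

# Assumption: Drill's impersonation switch in drill-override.conf, off when absent.
KEY = "drill.exec.impersonation.enabled"
TOKEN = re.compile(r'"[^"]*"|\[[^\]]*\]|[{}:=,]|[^\s{}:=,"\[\]]+')

def flatten(text):
    """Flatten the HOCON subset used here (nested blocks, dotted keys) to {path: value}."""
    body = "\n".join(l for l in text.splitlines()
                     if not l.lstrip().startswith(("#", "//")))
    out, stack, key = {}, [], None
    for tok in TOKEN.findall(body):
        if tok in (":", "=", ","):
            continue
        if tok == "{":
            stack.append(key or "")      # enter a nested block
            key = None
        elif tok == "}":
            stack.pop()
        elif key is None:
            key = tok.strip('"')         # first bare token is the key
        else:
            out[".".join([p for p in stack if p] + [key])] = tok.strip('"')
            key = None
    return out

def audit(configs):
    """Return (nodes without impersonation enabled, keys whose values differ across nodes)."""
    flat = {node: flatten(text) for node, text in configs.items()}
    disabled = sorted(n for n, c in flat.items() if c.get(KEY, "false").lower() != "true")
    keys = set().union(*flat.values())
    drift = {k: {n: c.get(k) for n, c in flat.items()}
             for k in sorted(keys) if len({c.get(k) for c in flat.values()}) > 1}
    return disabled, drift

# Constructed sample: drill-override.conf text as collected from three drillbits.
SAMPLE = {
    "node1": 'drill.exec: {\n  cluster-id: "drillbits1",\n  zk.connect: "zk1:5181",\n'
             '  impersonation: { enabled: true, max_chained_user_hops: 3 }\n}',
    "node2": 'drill.exec: {\n  cluster-id: "drillbits1",\n  zk.connect: "zk1:5181"\n}\n'
             'drill.exec.impersonation.enabled: true\ndrill.exec.impersonation.max_chained_user_hops: 3',
    "node3": '# impersonation block was never added on this node\n'
             'drill.exec: {\n  cluster-id: "drillbits1",\n  zk.connect: "zk1:5181"\n}',
}

if __name__ == "__main__":
    disabled, drift = audit(SAMPLE)
    print("impersonation not enabled on:", disabled)
    print("settings that differ:", drift)
```

A node reported in the first list is one where a direct connection to that drillbit would run without impersonation, regardless of what the rest of the cluster enforces.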
