drill-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Chun Chang <cch...@mapr.com>
Subject Re: user mixed up problem
Date Mon, 16 Oct 2017 18:14:11 GMT
Hi 查道德


From what you described, it looks like a bug to me. Please file a JIRA with the description
you've given here and provide relevant drillbit logs. This will help getting this issue resolved
early.


Thanks,

Chun

________________________________
From: 查道德 <flyfatasy@gmail.com>
Sent: Thursday, October 12, 2017 11:46:48 PM
To: user@drill.apache.org
Subject: Fwd: user mixed up problem

Hi guys.

we have used drill for quite a long time.   We used apache-drill-1.8.0 at
the beginning and recently we upgraded to apache-drill-1.11.0. Drill is
great and now drill already have 40+ user in our company. It accelerate
olap queries quite a lot. But as the number of  drill user is getting
bigger and bigger, a problem we called user mix-up is getting more and more
serious.


Let me explain the problem. We are using drill with user impersonation.
Different user have different privileges. As we have many drill user, so is
it quite common two or more people are using drill at the same time. A user
we called u1 posted a query to table t1 located in hdfs which he has
privilege through drill and may get an error which tells him that he has no
privilege to the table as he was u2 ( another user). " And u2 may get a
similar error with his query. The only thing u1 can do in this situation is
to exit drill and reconnect to drill through a new session.

This problem occurs quite frequently.  It occur in apache-drill-1.8.0 and
also in apache-drill-1.11.0. User get confused and maybe frustrated while data
security is under threaten.


PS: we are running drill on a 8 nodes cluster which will connect to a 100
nodes hadoop cluster. Hadoop version is 2.6.3. Drill version is 1.11.0.
Below is drill-override.conf

drill.exec: {
  cluster-id: "olap-drill",
  zk.connect: "zk01:2181/olap_drill,zk02:2181/olap_drill,zk03:2181/
olap_drill",
       security.user.auth: {            enabled: true,
            packages += "org.apache.drill.exec.rpc.user.security",
            impl: "pam"
            pam_profiles: ["login", "sudo"]
       },
           impersonation: {
             enabled: true,
             max_chained_user_hops: 3
           }
}


Thanks for your attention.




--
--
查道德
Daode Zha
Shanghai Jiaotong University
Address: 800 Dongchuan Road, Shanghai, 200240, P.R.China
Email: flyfatasy@gmail.com <flyfatasy@163.com>
Mobile Phone: +86 18817560334
Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message