HADOOP-4782 was opened to discuss the right level of access required for Chukwa to be able to read JT history logs under HOD provisioned directories. This was in turn required because HADOOP-4705, which provided world readable rights for all directories provisioned by HOD was found to be very unsecure for shared clusters. As per discussions on these two jiras, we decided to NOT change HOD's default behavior (of not granting access) for Hadoop 0.20, and providing very restricted access for Hadoop 0.18.3 (only execute permissions for group on the directory path until the history directory on the JT node). HADOOP-4782 tracked the reversal of the changes in HADOOP-4705 for Hadoop 0.20. This issue is being opened to make the restricted change in Hadoop 0.18.3. The patch submitted on HADOOP-4782 for Hadoop 0.18.3 can just be uploaded here. I am filing a new jira only because the nature of the fixes is different in spirit for the two versions.