Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-4487

Hive does not set explicit permissions on hive.exec.scratchdir

Log workAgile BoardRank to TopRank to BottomVotersWatch issueWatchersCreate sub-taskConvert to sub-taskMoveLinkCloneLabelsUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 0.10.0
    • 0.12.0
    • None

    Description

      The hive.exec.scratchdir defaults to /tmp/hive-${user.name}, but when Hive creates this directory it doesn't set any explicit permission on it. This means if you have the default HDFS umask setting of 022, then these directories end up being world readable. These permissions also get applied to the staging directories and their files, thus leaving inter-stage data world readable.

      This can cause a potential leak of data especially when operating on a Kerberos enabled cluster. Hive should probably default these directories to only be readable by the owner.

      Attachments

        1. HIVE-4487.patch
          3 kB
          Chaoyu Tang

        Issue Links

        Activity

          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            ctang Chaoyu Tang Assign to me
            fwiffo Joey Echeverria
            Votes:
            0 Vote for this issue
            Watchers:
            7 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Issue deployment