Uploaded image for project: 'Hive'
  1. Hive
  2. HIVE-4487

Hive does not set explicit permissions on hive.exec.scratchdir

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 0.10.0
    • 0.12.0
    • None

    Description

      The hive.exec.scratchdir defaults to /tmp/hive-${user.name}, but when Hive creates this directory it doesn't set any explicit permission on it. This means if you have the default HDFS umask setting of 022, then these directories end up being world readable. These permissions also get applied to the staging directories and their files, thus leaving inter-stage data world readable.

      This can cause a potential leak of data especially when operating on a Kerberos enabled cluster. Hive should probably default these directories to only be readable by the owner.

      Attachments

        1. HIVE-4487.patch
          3 kB
          Chaoyu Tang

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. HIVE-5322 FsPermission is initialized incorrectly in HIVE 5513

          • Blocker - Blocks development and/or testing work, production could not run
          • Closed

          Bug - A problem which impairs or prevents the functions of the product. HIVE-6847 Improve / fix bugs in Hive scratch dir setup

          • Major - Major loss of function.
          • Closed

          Task - A task that needs to be done. HIVE-5313 HIVE-4487 breaks build because 0.20.2 is missing FSPermission(string)

          • Major - Major loss of function.
          • Closed

          Activity

            People

              ctang Chaoyu Tang
              fwiffo Joey Echeverria
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: