Return-Path: X-Original-To: apmail-hive-dev-archive@www.apache.org Delivered-To: apmail-hive-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 8553381CD for ; Tue, 13 Sep 2011 23:04:36 +0000 (UTC) Received: (qmail 81250 invoked by uid 500); 13 Sep 2011 23:04:36 -0000 Delivered-To: apmail-hive-dev-archive@hive.apache.org Received: (qmail 81192 invoked by uid 500); 13 Sep 2011 23:04:36 -0000 Mailing-List: contact dev-help@hive.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@hive.apache.org Delivered-To: mailing list dev@hive.apache.org Received: (qmail 81183 invoked by uid 500); 13 Sep 2011 23:04:35 -0000 Delivered-To: apmail-hadoop-hive-dev@hadoop.apache.org Received: (qmail 81180 invoked by uid 99); 13 Sep 2011 23:04:35 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 13 Sep 2011 23:04:35 +0000 X-ASF-Spam-Status: No, hits=-2000.5 required=5.0 tests=ALL_TRUSTED,RP_MATCHES_RCVD X-Spam-Check-By: apache.org Received: from [140.211.11.116] (HELO hel.zones.apache.org) (140.211.11.116) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 13 Sep 2011 23:04:30 +0000 Received: from hel.zones.apache.org (hel.zones.apache.org [140.211.11.116]) by hel.zones.apache.org (Postfix) with ESMTP id 3DCD7960AB for ; Tue, 13 Sep 2011 23:04:09 +0000 (UTC) Date: Tue, 13 Sep 2011 23:04:09 +0000 (UTC) From: "Ashutosh Chauhan (JIRA)" To: hive-dev@hadoop.apache.org Message-ID: <672846156.24481.1315955049249.JavaMail.tomcat@hel.zones.apache.org> In-Reply-To: <666739792.17910.1301359565726.JavaMail.tomcat@hel.zones.apache.org> Subject: [jira] [Commented] (HIVE-2079) The warehouse directory shouldn't be 777'ed MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 X-Virus-Checked: Checked by ClamAV on apache.org [ https://issues.apache.org/jira/browse/HIVE-2079?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13104063#comment-13104063 ] Ashutosh Chauhan commented on HIVE-2079: ---------------------------------------- Apart from permissions of warehouse dir, ownership of warehouse dir also needs to be fixed. On a fresh install, warehouse directory doesn't get created while metastore server is starting and first client doing any filesystem operation ends up being its owner. We already have checkForDefaultDb(), we similarly need checkForWarehouseDir(). > The warehouse directory shouldn't be 777'ed > ------------------------------------------- > > Key: HIVE-2079 > URL: https://issues.apache.org/jira/browse/HIVE-2079 > Project: Hive > Issue Type: Bug > Components: Metastore, Security > Reporter: Devaraj Das > Assignee: Mac Yang > > The warehouse directory is created with a permissions of 777. This is to allow any user to successfully create database/table directories there. The security issue is that anyone can delete any directory in the warehouse. We should fix this hole. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira