hive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joey Echeverria (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (HIVE-4487) Hive does not set explicit permissions on hive.exec.scratchdir
Date Fri, 03 May 2013 14:08:17 GMT

     [ https://issues.apache.org/jira/browse/HIVE-4487?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Joey Echeverria updated HIVE-4487:
----------------------------------

    Description: 
The hive.exec.scratchdir defaults to /tmp/hive-$\{user.name\}, but when Hive creates this
directory it doesn't set any explicit permission on it. This means if you have the default
HDFS umask setting of 022, then these directories end up being world readable. These permissions
also get applied to the staging directories and their files, thus leaving inter-stage data
world readable.

This can cause a potential leak of data especially when operating on a Kerberos enabled cluster.
Hive should probably default these directories to only be readable by the owner.

  was:
The hive.exec.scratchdir defaults to /tmp/hive-${user.name}, but when Hive creates this directory
it doesn't set any explicit permission on it. This means if you have the default HDFS umask
setting of 022, then these directories end up being world readable. These permissions also
get applied to the staging directories and their files, thus leaving inter-stage data world
readable.

This can cause a potential leak of data especially when operating on a Kerberos enabled cluster.
Hive should probably default these directories to only be readable by the owner.

    
> Hive does not set explicit permissions on hive.exec.scratchdir
> --------------------------------------------------------------
>
>                 Key: HIVE-4487
>                 URL: https://issues.apache.org/jira/browse/HIVE-4487
>             Project: Hive
>          Issue Type: Bug
>    Affects Versions: 0.10.0
>            Reporter: Joey Echeverria
>
> The hive.exec.scratchdir defaults to /tmp/hive-$\{user.name\}, but when Hive creates
this directory it doesn't set any explicit permission on it. This means if you have the default
HDFS umask setting of 022, then these directories end up being world readable. These permissions
also get applied to the staging directories and their files, thus leaving inter-stage data
world readable.
> This can cause a potential leak of data especially when operating on a Kerberos enabled
cluster. Hive should probably default these directories to only be readable by the owner.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Mime
View raw message