Return-Path: X-Original-To: apmail-hive-dev-archive@www.apache.org Delivered-To: apmail-hive-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id EC716C9B6 for ; Mon, 5 Aug 2013 23:23:50 +0000 (UTC) Received: (qmail 10303 invoked by uid 500); 5 Aug 2013 23:23:49 -0000 Delivered-To: apmail-hive-dev-archive@hive.apache.org Received: (qmail 10242 invoked by uid 500); 5 Aug 2013 23:23:48 -0000 Mailing-List: contact dev-help@hive.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@hive.apache.org Delivered-To: mailing list dev@hive.apache.org Received: (qmail 10206 invoked by uid 500); 5 Aug 2013 23:23:48 -0000 Delivered-To: apmail-hadoop-hive-dev@hadoop.apache.org Received: (qmail 10190 invoked by uid 99); 5 Aug 2013 23:23:48 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 05 Aug 2013 23:23:48 +0000 Date: Mon, 5 Aug 2013 23:23:48 +0000 (UTC) From: "Eugene Koifman (JIRA)" To: hive-dev@hadoop.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Assigned] (HIVE-5001) [WebHCat] JobState is read/written with different user credentials MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HIVE-5001?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Eugene Koifman reassigned HIVE-5001: ------------------------------------ Assignee: Eugene Koifman > [WebHCat] JobState is read/written with different user credentials > ------------------------------------------------------------------ > > Key: HIVE-5001 > URL: https://issues.apache.org/jira/browse/HIVE-5001 > Project: Hive > Issue Type: Bug > Components: HCatalog > Affects Versions: 0.11.0 > Reporter: Eugene Koifman > Assignee: Eugene Koifman > > JobState can be persisted to HDFS or Zookeeper. At various points in the lifecycle it's accessed with different user credentials thus may cause errors depending on how permissions are set. > Example: > When submitting a MR job, templeton.JarDelegator is used. > It calls LauncherDelegator#queueAsUser() which runs TempletonControllerJob with UserGroupInformation.doAs(). > TempletonControllerJob will in turn create JobState and persist it. > LauncherDelegator.registerJob() also modifies JobState but w/o doing a doAs() > So in the later case it's possible that the persisted state of JobState by a different user than one that created/owns the file. > templeton.tool.HDFSCleanup tries to delete these files w/o doAs. > 'childid' file, for example, is created with rw-r--r--. > and it's parent directory (job_201308051224_0001) has rwxr-xr-x. > HDFSStorage doesn't set file permissions explicitly so it must be using default permissions. > So there is a potential issue here (depending on UMASK) especially once HIVE-4601 is addressed. > Actually, even w/o HIVE-4601 the user that owns the WebHCat process is likely different than the one submitting a request. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira