Return-Path: X-Original-To: apmail-hive-dev-archive@www.apache.org Delivered-To: apmail-hive-dev-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id DB0C110A28 for ; Tue, 17 Sep 2013 02:41:02 +0000 (UTC) Received: (qmail 187 invoked by uid 500); 17 Sep 2013 02:40:57 -0000 Delivered-To: apmail-hive-dev-archive@hive.apache.org Received: (qmail 99939 invoked by uid 500); 17 Sep 2013 02:40:55 -0000 Mailing-List: contact dev-help@hive.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@hive.apache.org Delivered-To: mailing list dev@hive.apache.org Received: (qmail 99756 invoked by uid 500); 17 Sep 2013 02:40:53 -0000 Delivered-To: apmail-hadoop-hive-dev@hadoop.apache.org Received: (qmail 99636 invoked by uid 99); 17 Sep 2013 02:40:52 -0000 Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 17 Sep 2013 02:40:52 +0000 Date: Tue, 17 Sep 2013 02:40:52 +0000 (UTC) From: "Hive QA (JIRA)" To: hive-dev@hadoop.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Commented] (HIVE-4487) Hive does not set explicit permissions on hive.exec.scratchdir MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/HIVE-4487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13769116#comment-13769116 ] Hive QA commented on HIVE-4487: ------------------------------- {color:green}Overall{color}: +1 all checks pass Here are the results of testing the latest attachment: https://issues.apache.org/jira/secure/attachment/12589262/HIVE-4487.patch {color:green}SUCCESS:{color} +1 3125 tests passed Test results: https://builds.apache.org/job/PreCommit-HIVE-Build/770/testReport Console output: https://builds.apache.org/job/PreCommit-HIVE-Build/770/console Messages: {noformat} Executing org.apache.hive.ptest.execution.PrepPhase Executing org.apache.hive.ptest.execution.ExecutionPhase Executing org.apache.hive.ptest.execution.ReportingPhase {noformat} This message is automatically generated. > Hive does not set explicit permissions on hive.exec.scratchdir > -------------------------------------------------------------- > > Key: HIVE-4487 > URL: https://issues.apache.org/jira/browse/HIVE-4487 > Project: Hive > Issue Type: Bug > Affects Versions: 0.10.0 > Reporter: Joey Echeverria > Assignee: Chaoyu Tang > Attachments: HIVE-4487.patch > > > The hive.exec.scratchdir defaults to /tmp/hive-$\{user.name\}, but when Hive creates this directory it doesn't set any explicit permission on it. This means if you have the default HDFS umask setting of 022, then these directories end up being world readable. These permissions also get applied to the staging directories and their files, thus leaving inter-stage data world readable. > This can cause a potential leak of data especially when operating on a Kerberos enabled cluster. Hive should probably default these directories to only be readable by the owner. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira