Posted to dev@pig.apache.org by "Rohini Palaniswamy (JIRA)" <ji...@apache.org> on 2014/01/10 18:26:57 UTC

[jira] [Commented] (PIG-3511) Security: Pig temporary directories might have world readable permissions

    [ https://issues.apache.org/jira/browse/PIG-3511?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13868020#comment-13868020 ] 

Rohini Palaniswamy commented on PIG-3511:
-----------------------------------------

If the user umask for the output directories is world readable, then the temporary directories created by Pig also have the same permissions. And these temporary directories have job.jar, other registered jars and scripts, replicated table, quantile file for orderby, etc., which are localized for jobs. Hadoop localizes them as public when the permissions are readable by all. The heavy requests for public localization from Pig caused YARN-1575. The Hadoop team would like to get this fixed in Pig as well, as having the data readable by all in the /tmp directory is not a good thing. Also, publicly localized things are localized directly by the NM process via a thread pool. Privately localized things are localized by a container localizer process run as the user. Keeping it private puts less load on the NM and avoids localization being slowed down by the NM thread pool limit.

> Security: Pig temporary directories might have world readable permissions
> -------------------------------------------------------------------------
>
>                 Key: PIG-3511
>                 URL: https://issues.apache.org/jira/browse/PIG-3511
>             Project: Pig
>          Issue Type: Bug
>            Reporter: Aniket Mokashi
>            Assignee: Rohini Palaniswamy
>             Fix For: 0.13.0
>
>
> Currently, UDF jars are copied to FileLocalizer.getTemporaryPath, which is an unsecured location. We need to make sure the directory that we copy these jars to has 700 permission settings (similar behavior as JobClient).



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
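
Added example, not part of the original message and not Pig or Hadoop code: a local-filesystem model in Python of the behaviour the comment describes, where a temporary directory that inherits a permissive umask leaves its job.jar readable by all, while forcing the directory to 700 does not. The names other_can_reach, stage_jar and demo are hypothetical, the sample file is constructed, and the rule that "readable by all" also requires other-execute on every parent directory is an assumption of this sketch.

```python
import os
import shutil
import stat
import tempfile

def other_can_reach(path, root):
    """Model of 'readable by all': other-read on the file plus other-execute
    on every directory from the file's parent up to root (assumed rule)."""
    if not os.stat(path).st_mode & stat.S_IROTH:
        return False
    current, root = os.path.dirname(os.path.realpath(path)), os.path.realpath(root)
    while True:
        if not os.stat(current).st_mode & stat.S_IXOTH:
            return False
        parent = os.path.dirname(current)
        if current == root or parent == current:
            return True
        current = parent

def stage_jar(parent, name, dir_mode=None):
    """Create a temp directory holding a world-readable job.jar (constructed)."""
    directory = os.path.join(parent, name)
    if dir_mode is None:
        os.mkdir(directory)              # default 0777, filtered by the umask
    else:
        os.mkdir(directory, dir_mode)
        os.chmod(directory, dir_mode)    # chmod is not filtered by the umask
    jar = os.path.join(directory, "job.jar")
    with open(jar, "wb") as handle:
        handle.write(b"constructed sample")
    os.chmod(jar, 0o644)
    return jar

def demo():
    base = tempfile.mkdtemp()            # sandbox standing in for /tmp
    os.chmod(base, 0o755)
    old_umask = os.umask(0o022)          # a umask that leaves 'other' r-x
    try:
        inherited = stage_jar(base, "temp-inherited")
        locked = stage_jar(base, "temp-700", 0o700)
        return {
            "inherited_dir_mode": oct(stat.S_IMODE(os.stat(os.path.dirname(inherited)).st_mode)),
            "inherited_public": other_can_reach(inherited, base),
            "locked_dir_mode": oct(stat.S_IMODE(os.stat(os.path.dirname(locked)).st_mode)),
            "locked_public": other_can_reach(locked, base),
        }
    finally:
        os.umask(old_umask)
        shutil.rmtree(base)

if __name__ == "__main__":
    print(demo())
```

The jar keeps mode 644 in both cases; only the parent directory's mode changes the outcome.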