Posted to issues@hive.apache.org by "Lefty Leverenz (JIRA)" <ji...@apache.org> on 2015/02/24 10:00:11 UTC

[jira] [Commented] (HIVE-4487) Hive does not set explicit permissions on hive.exec.scratchdir

    [ https://issues.apache.org/jira/browse/HIVE-4487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14334688#comment-14334688 ] 

Lefty Leverenz commented on HIVE-4487:
--------------------------------------

Doc note:  This adds configuration parameter *hive.scratch.dir.permission* to HiveConf.java, so it needs to be documented in the wiki (in two places):

* [AdminManual Configuration -- Configuration Variables | https://cwiki.apache.org/confluence/display/Hive/AdminManual+Configuration#AdminManualConfiguration-ConfigurationVariables]
* [Configuration Properties -- put it after hive.exec.scratchdir | https://cwiki.apache.org/confluence/display/Hive/Configuration+Properties#ConfigurationProperties-hive.exec.scratchdir]

HIVE-6847 adds a parameter description in release 0.14.0.

> Hive does not set explicit permissions on hive.exec.scratchdir
> --------------------------------------------------------------
>
>                 Key: HIVE-4487
>                 URL: https://issues.apache.org/jira/browse/HIVE-4487
>             Project: Hive
>          Issue Type: Bug
>    Affects Versions: 0.10.0
>            Reporter: Joey Echeverria
>            Assignee: Chaoyu Tang
>              Labels: TODOC12
>             Fix For: 0.12.0
>
>         Attachments: HIVE-4487.patch
>
>
> The hive.exec.scratchdir defaults to /tmp/hive-${user.name}, but when Hive creates this directory it doesn't set any explicit permission on it. This means if you have the default HDFS umask setting of 022, then these directories end up being world readable. These permissions also get applied to the staging directories and their files, thus leaving inter-stage data world readable.
> This can cause a potential leak of data especially when operating on a Kerberos enabled cluster. Hive should probably default these directories to only be readable by the owner.
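
Added example, not part of the JIRA thread or the Hive patch: the umask arithmetic from the issue description, plus an audit that flags scratch paths readable by other users. The `hdfs dfs -ls -R` line layout, the function names and the sample listing are assumptions constructed for illustration.

```python
import re

# Assumed layout of an `hdfs dfs -ls -R` line:
# perms, replication, owner, group, size, date, time, path
LS_LINE = re.compile(
    r"^([d-][rwxsStT-]{9})\+?\s+\S+\s+(\S+)\s+(\S+)\s+\d+\s+\S+\s+\S+\s+(.+)$")

# Constructed sample listing (not real cluster output)
SAMPLE = """\
Found 5 items
drwxr-xr-x   - alice supergroup          0 2015-02-24 10:00 /tmp/hive-alice
drwxr-xr-x   - alice supergroup          0 2015-02-24 10:00 /tmp/hive-alice/stage-1
-rw-r--r--   3 alice supergroup       4096 2015-02-24 10:00 /tmp/hive-alice/stage-1/part-0
drwx------   - bob   supergroup          0 2015-02-24 10:01 /tmp/hive-bob
drwxr-xr-x   - hdfs  supergroup          0 2015-02-24 09:00 /user
"""

def effective_mode(requested, umask):
    """Mode left after the umask is applied when no explicit permission is set."""
    return requested & ~umask & 0o777

def parse_mode(perms):
    """Turn 'drwxr-xr-x' into 0o755 (s/t count as execute, S/T as no execute)."""
    mode = 0
    for ch in perms[1:10]:
        mode = (mode << 1) | (ch in "rwxst")
    return mode

def world_accessible(listing, scratch_prefix="/tmp/hive-"):
    """Return (path, owner, mode) for scratch entries with any 'other' bit set."""
    findings = []
    for line in listing.splitlines():
        m = LS_LINE.match(line.strip())
        if not m:
            continue  # skips headers such as "Found N items"
        perms, owner, _group, path = m.groups()
        mode = parse_mode(perms)
        if path.startswith(scratch_prefix) and mode & 0o007:
            findings.append((path, owner, oct(mode)))
    return findings

if __name__ == "__main__":
    # Directory default 0777 and file default 0666 under umask 022
    print(oct(effective_mode(0o777, 0o022)), oct(effective_mode(0o666, 0o022)))
    for path, owner, mode in world_accessible(SAMPLE):
        print(f"{mode} {owner} {path}")
```
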


