You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@hive.apache.org by "Devaraj Das (JIRA)" <ji...@apache.org> on 2011/03/29 02:46:05 UTC
[jira] [Created] (HIVE-2079) The warehouse directory shouldn't be
777'ed
The warehouse directory shouldn't be 777'ed
-------------------------------------------
Key: HIVE-2079
URL: https://issues.apache.org/jira/browse/HIVE-2079
Project: Hive
Issue Type: Bug
Components: Metastore, Security
Reporter: Devaraj Das
Assignee: Mac Yang
Fix For: 0.8.0
The warehouse directory is created with a permissions of 777. This is to allow any user to successfully create database/table directories there. The security issue is that anyone can delete any directory in the warehouse. We should fix this hole.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HIVE-2079) The warehouse directory shouldn't be
777'ed
Posted by "Edward Capriolo (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HIVE-2079?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13013604#comment-13013604 ]
Edward Capriolo commented on HIVE-2079:
---------------------------------------
Ok thanks that clears it up. This only effects those using hive-server and fat client is exempt. This should not be very difficult. Hive always works in side effect files and then does moves as the last step. So your technique to do elsewhere and then copy in and chown makes sense. +1
> The warehouse directory shouldn't be 777'ed
> -------------------------------------------
>
> Key: HIVE-2079
> URL: https://issues.apache.org/jira/browse/HIVE-2079
> Project: Hive
> Issue Type: Bug
> Components: Metastore, Security
> Reporter: Devaraj Das
> Assignee: Mac Yang
> Fix For: 0.8.0
>
>
> The warehouse directory is created with a permissions of 777. This is to allow any user to successfully create database/table directories there. The security issue is that anyone can delete any directory in the warehouse. We should fix this hole.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Updated] (HIVE-2079) The warehouse directory shouldn't be
777'ed
Posted by "Carl Steinbach (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HIVE-2079?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Carl Steinbach updated HIVE-2079:
---------------------------------
Fix Version/s: (was: 0.8.0)
> The warehouse directory shouldn't be 777'ed
> -------------------------------------------
>
> Key: HIVE-2079
> URL: https://issues.apache.org/jira/browse/HIVE-2079
> Project: Hive
> Issue Type: Bug
> Components: Metastore, Security
> Reporter: Devaraj Das
> Assignee: Mac Yang
>
> The warehouse directory is created with a permissions of 777. This is to allow any user to successfully create database/table directories there. The security issue is that anyone can delete any directory in the warehouse. We should fix this hole.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HIVE-2079) The warehouse directory shouldn't be
777'ed
Posted by "Devaraj Das (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HIVE-2079?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13013557#comment-13013557 ]
Devaraj Das commented on HIVE-2079:
-----------------------------------
Edward, at Yahoo!, we run the thrift server as a standalone metastore server, and there the problem can be handled. The solution is still under investigation but here is the flow of the directory creations and permission settings:
1) Have the real warehouse directory owned by the hive-thrift-server user and let that have 755 permissions.
2) Have a temp warehouse directory for staging the creation of tables/databases, and let that have 777 permissions.
3) When a user issues a create_table/database command, the hive-thrift-server creates the corresponding directory in the temp location. This operation happens as the user in question and the directory ends up getting owned by the user.
4) The hive-thrift-server then moves the directory to the real warehouse directory. This operation is done as the hive-thrift-server user.Since the temp directory has 777 permissions, and the real warehouse directory is owned by the hive-thrift-server user, the move will succeed.
With all the work that has been done in mostly HIVE-1842 & HIVE-1696, the above seems possible.
Granted, this won't work when hive runs in the fat-client mode. So, most likely, we will make the above be based on whether metastore is running in the local mode or not (hive.metastore.local config).
Makes sense ?
> The warehouse directory shouldn't be 777'ed
> -------------------------------------------
>
> Key: HIVE-2079
> URL: https://issues.apache.org/jira/browse/HIVE-2079
> Project: Hive
> Issue Type: Bug
> Components: Metastore, Security
> Reporter: Devaraj Das
> Assignee: Mac Yang
> Fix For: 0.8.0
>
>
> The warehouse directory is created with a permissions of 777. This is to allow any user to successfully create database/table directories there. The security issue is that anyone can delete any directory in the warehouse. We should fix this hole.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HIVE-2079) The warehouse directory shouldn't be
777'ed
Posted by "Edward Capriolo (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HIVE-2079?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13012994#comment-13012994 ]
Edward Capriolo commented on HIVE-2079:
---------------------------------------
Really? What should it be? Any why? How does this apply to deployments outside yours?
> The warehouse directory shouldn't be 777'ed
> -------------------------------------------
>
> Key: HIVE-2079
> URL: https://issues.apache.org/jira/browse/HIVE-2079
> Project: Hive
> Issue Type: Bug
> Components: Metastore, Security
> Reporter: Devaraj Das
> Assignee: Mac Yang
> Fix For: 0.8.0
>
>
> The warehouse directory is created with a permissions of 777. This is to allow any user to successfully create database/table directories there. The security issue is that anyone can delete any directory in the warehouse. We should fix this hole.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Commented] (HIVE-2079) The warehouse directory shouldn't be
777'ed
Posted by "Ashutosh Chauhan (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/HIVE-2079?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13104063#comment-13104063 ]
Ashutosh Chauhan commented on HIVE-2079:
----------------------------------------
Apart from permissions of warehouse dir, ownership of warehouse dir also needs to be fixed. On a fresh install, warehouse directory doesn't get created while metastore server is starting and first client doing any filesystem operation ends up being its owner. We already have checkForDefaultDb(), we similarly need checkForWarehouseDir().
> The warehouse directory shouldn't be 777'ed
> -------------------------------------------
>
> Key: HIVE-2079
> URL: https://issues.apache.org/jira/browse/HIVE-2079
> Project: Hive
> Issue Type: Bug
> Components: Metastore, Security
> Reporter: Devaraj Das
> Assignee: Mac Yang
>
> The warehouse directory is created with a permissions of 777. This is to allow any user to successfully create database/table directories there. The security issue is that anyone can delete any directory in the warehouse. We should fix this hole.
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira