[jira] [Commented] (HIVE-2504) Warehouse table subdirectories should inherit the group permissions of the warehouse parent directory

[Ashutosh Chauhan (Commented) (JIRA)]

    [ 
https://issues.apache.org/jira/browse/HIVE-2504?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13249581#comment-13249581
 ] 

Ashutosh Chauhan commented on HIVE-2504:
----------------------------------------

I agree that fiddling with umask is not the cleanest approach here. But, I am 
not sure about *always* inheriting permissions either, since this effectively 
implies the whole sub-tree of warehouse dir will have same permissions as 
warehouse dir itself. Concretely, lets consider following example. Lets say, wh 
dir has 700 perms. Then, if I create table (which only owner of wh can do) I 
will end up with either 775 or 755 (depending on whether it was before or after 
the earlier patch of jira). However, with your patch, table dir will end up 
with 700. In the earlier case, anyone could have read the tables, but now with 
your approach only owner can read. Now, which of this is correct behavior is 
open for debate and depends on which security model you have as your premise. 
Additionally, this will be change of behavior then the current behavior. So, I 
suggest you define a new config variable like {{hive.warehouse.inherit.perms}} 
or something similar and set it to false by default. And then take your code 
path of inheriting parent perms in case it is set to true. Thoughts? 
                
> Warehouse table subdirectories should inherit the group permissions of the 
> warehouse parent directory
> -----------------------------------------------------------------------------------------------------
>
>                 Key: HIVE-2504
>                 URL: https://issues.apache.org/jira/browse/HIVE-2504
>             Project: Hive
>          Issue Type: Bug
>          Components: Metastore
>            Reporter: Carl Steinbach
>            Assignee: Rohini Palaniswamy
>             Fix For: 0.9.0
>
>         Attachments: HIVE-2504.patch, HIVE-2504.patch
>
>
> When the Hive Metastore creates a subdirectory in the Hive warehouse for
> a new table it does so with the default HDFS permissions. Since the default
> dfs.umask value is 022, this means that the new subdirectory will not inherit 
> the
> group write permissions of the hive warehouse directory.
> We should make the umask used by Warehouse.mkdirs() configurable, and set
> it to use a default value of 002.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira