[jira] [Commented] (HIVE-4487) Hive does not set explicit permissions on hive.exec.scratchdir

Thu, 19 Sep 2013 00:56:51 -0700 

    [ 
https://issues.apache.org/jira/browse/HIVE-4487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13771678#comment-13771678
 ] 

Thejas M Nair commented on HIVE-4487:
-------------------------------------

I am seeing several precommit intermittent test failures in last few builds, 
which seem to be caused by permission errors. I am wondering if it might be 
related to this change. I also saw this on my linux machine, but not in another 
run on my mac.

The tests have errors like this -
Copying data from 
file:/home/hiveptest/ip-10-74-50-170-hiveptest-2/apache-svn-trunk-source/data/files/kv1.txt
Failed with exception Failed to set permissions of path: 
/home/hiveptest/ip-10-74-50-170-hiveptest-2/apache-svn-trunk-source/build/ql/scratchdir/hive_2013-09-18_19-22-30_852_799993877859563099-1/-ext-10000
 to 0777

For example in - 
https://builds.apache.org/job/PreCommit-HIVE-Build/813/testReport/org.apache.hadoop.hive.ql.parse/TestParseNegative/testParseNegative_ambiguous_join_col/

                
> Hive does not set explicit permissions on hive.exec.scratchdir
> --------------------------------------------------------------
>
>                 Key: HIVE-4487
>                 URL: https://issues.apache.org/jira/browse/HIVE-4487
>             Project: Hive
>          Issue Type: Bug
>    Affects Versions: 0.10.0
>            Reporter: Joey Echeverria
>            Assignee: Chaoyu Tang
>             Fix For: 0.12.0
>
>         Attachments: HIVE-4487.patch
>
>
> The hive.exec.scratchdir defaults to /tmp/hive-$\{user.name\}, but when Hive 
> creates this directory it doesn't set any explicit permission on it. This 
> means if you have the default HDFS umask setting of 022, then these 
> directories end up being world readable. These permissions also get applied 
> to the staging directories and their files, thus leaving inter-stage data 
> world readable.
> This can cause a potential leak of data especially when operating on a 
> Kerberos enabled cluster. Hive should probably default these directories to 
> only be readable by the owner.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to