[jira] [Commented] (HIVE-4487) Hive does not set explicit permissions on hive.exec.scratchdir

Thu, 19 Sep 2013 12:59:23 -0700 

    [ 
https://issues.apache.org/jira/browse/HIVE-4487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13772093#comment-13772093
 ] 

Yin Huai commented on HIVE-4487:
--------------------------------

Here is my error log when I am launching hive cli through eclipse.
{code}
Caused by: java.io.FileNotFoundException: 
/tmp/yhuai/hive_2013-09-19_13-43-12_206_2528583202954923226-1/-local-10000 
(Permission denied)
        at java.io.FileOutputStream.open(Native Method)
        at java.io.FileOutputStream.<init>(FileOutputStream.java:209)
        at 
org.apache.hadoop.fs.RawLocalFileSystem$LocalFSFileOutputStream.<init>(RawLocalFileSystem.java:180)
        at 
org.apache.hadoop.fs.RawLocalFileSystem$LocalFSFileOutputStream.<init>(RawLocalFileSystem.java:176)
        at 
org.apache.hadoop.fs.RawLocalFileSystem.create(RawLocalFileSystem.java:234)
        at 
org.apache.hadoop.fs.ChecksumFileSystem$ChecksumFSOutputSummer.<init>(ChecksumFileSystem.java:335)
        at 
org.apache.hadoop.fs.ChecksumFileSystem.create(ChecksumFileSystem.java:368)
        at org.apache.hadoop.fs.FileSystem.create(FileSystem.java:484)
        at org.apache.hadoop.fs.FileSystem.create(FileSystem.java:465)
        at org.apache.hadoop.fs.FileSystem.create(FileSystem.java:372)
        at org.apache.hadoop.fs.FileSystem.create(FileSystem.java:364)
        at org.apache.hadoop.hive.ql.exec.DDLTask.showTables(DDLTask.java:2252)
        ... 13 more
{\code}
                
> Hive does not set explicit permissions on hive.exec.scratchdir
> --------------------------------------------------------------
>
>                 Key: HIVE-4487
>                 URL: https://issues.apache.org/jira/browse/HIVE-4487
>             Project: Hive
>          Issue Type: Bug
>    Affects Versions: 0.10.0
>            Reporter: Joey Echeverria
>            Assignee: Chaoyu Tang
>             Fix For: 0.12.0
>
>         Attachments: HIVE-4487.patch
>
>
> The hive.exec.scratchdir defaults to /tmp/hive-$\{user.name\}, but when Hive 
> creates this directory it doesn't set any explicit permission on it. This 
> means if you have the default HDFS umask setting of 022, then these 
> directories end up being world readable. These permissions also get applied 
> to the staging directories and their files, thus leaving inter-stage data 
> world readable.
> This can cause a potential leak of data especially when operating on a 
> Kerberos enabled cluster. Hive should probably default these directories to 
> only be readable by the owner.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to