(hive) branch master updated: HIVE-28134: Improve SecureCmdDoAs. (#5140). (Ayush Saxena, reviewed by Sourabh Badhya)

ayushsaxena Wed, 20 Mar 2024 22:26:33 -0700

This is an automated email from the ASF dual-hosted git repository.

ayushsaxena pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/hive.git



The following commit(s) were added to refs/heads/master by this push:
     new 20106e25452 HIVE-28134: Improve SecureCmdDoAs. (#5140). (Ayush Saxena, 
reviewed by Sourabh Badhya)
20106e25452 is described below

commit 20106e254527f7d71b2e34455c4322e14950c620
Author: Ayush Saxena <ayushsax...@apache.org>
AuthorDate: Thu Mar 21 10:56:21 2024 +0530

    HIVE-28134: Improve SecureCmdDoAs. (#5140). (Ayush Saxena, reviewed by 
Sourabh Badhya)
---
 ql/src/java/org/apache/hadoop/hive/ql/exec/SecureCmdDoAs.java | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/ql/src/java/org/apache/hadoop/hive/ql/exec/SecureCmdDoAs.java 
b/ql/src/java/org/apache/hadoop/hive/ql/exec/SecureCmdDoAs.java
index e9ede6abf68..a2e9dab885d 100644
--- a/ql/src/java/org/apache/hadoop/hive/ql/exec/SecureCmdDoAs.java
+++ b/ql/src/java/org/apache/hadoop/hive/ql/exec/SecureCmdDoAs.java
@@ -23,8 +23,10 @@ import java.net.URI;
 import java.net.URISyntaxException;
 import java.util.Map;
 
+import org.apache.hadoop.fs.FSDataOutputStream;
 import org.apache.hadoop.fs.FileSystem;
 import org.apache.hadoop.fs.Path;
+import org.apache.hadoop.fs.permission.FsPermission;
 import org.apache.hadoop.hive.conf.HiveConf;
 import org.apache.hadoop.hive.ql.metadata.HiveException;
 import org.apache.hadoop.hive.shims.ShimLoader;
@@ -68,7 +70,13 @@ public class SecureCmdDoAs {
     tokenPath = new Path(tokenFile.toURI());
 
     //write credential with token to file
-    cred.writeTokenStorageFile(tokenPath, conf);
+    FsPermission umask = FsPermission.getUMask(conf);
+    FsPermission targetPerm = FsPermission.createImmutable((short) 0700);
+
+    try (FSDataOutputStream os = 
tokenPath.getFileSystem(conf).createFile(tokenPath)
+        .permission(targetPerm.applyUMask(umask)).build()) {
+      cred.writeTokenStorageToStream(os, 
Credentials.SerializedFormat.WRITABLE);
+    }
   }
 
   public void addEnv(Map<String, String> env){

(hive) branch master updated: HIVE-28134: Improve SecureCmdDoAs. (#5140). (Ayush Saxena, reviewed by Sourabh Badhya)

Reply via email to