[
https://issues.apache.org/jira/browse/HIVE-4487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14334688#comment-14334688
]
Lefty Leverenz commented on HIVE-4487:
--------------------------------------
Doc note: This adds configuration parameter *hive.scratch.dir.permission* to
HiveConf.java, so it needs to be documented in the wiki (in two places):
* [AdminManual Configuration -- Configuration Variables |
https://cwiki.apache.org/confluence/display/Hive/AdminManual+Configuration#AdminManualConfiguration-ConfigurationVariables]
* [Configuration Properties -- put it after hive.exec.scratchdir |
https://cwiki.apache.org/confluence/display/Hive/Configuration+Properties#ConfigurationProperties-hive.exec.scratchdir]
HIVE-6847 adds a parameter description in release 0.14.0.
> Hive does not set explicit permissions on hive.exec.scratchdir
> --------------------------------------------------------------
>
> Key: HIVE-4487
> URL: https://issues.apache.org/jira/browse/HIVE-4487
> Project: Hive
> Issue Type: Bug
> Affects Versions: 0.10.0
> Reporter: Joey Echeverria
> Assignee: Chaoyu Tang
> Labels: TODOC12
> Fix For: 0.12.0
>
> Attachments: HIVE-4487.patch
>
>
> The hive.exec.scratchdir defaults to /tmp/hive-$\{user.name\}, but when Hive
> creates this directory it doesn't set any explicit permission on it. This
> means if you have the default HDFS umask setting of 022, then these
> directories end up being world readable. These permissions also get applied
> to the staging directories and their files, thus leaving inter-stage data
> world readable.
> This can cause a potential leak of data especially when operating on a
> Kerberos enabled cluster. Hive should probably default these directories to
> only be readable by the owner.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
