[jira] [Work logged] (HIVE-26887) Make sure dirPath has the correct permissions

Sat, 24 Dec 2022 06:26:05 -0800 


     [ 
https://issues.apache.org/jira/browse/HIVE-26887?focusedWorklogId=835579&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-835579
 ]

ASF GitHub Bot logged work on HIVE-26887:
-----------------------------------------

                Author: ASF GitHub Bot
            Created on: 24/Dec/22 14:25
            Start Date: 24/Dec/22 14:25
    Worklog Time Spent: 10m 
      Work Description: sonarcloud[bot] commented on PR #3894:
URL: https://github.com/apache/hive/pull/3894#issuecomment-1364537607

   Kudos, SonarCloud Quality Gate passed!    [![Quality Gate 
passed](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/QualityGateBadge/passed-16px.png
 'Quality Gate 
passed')](https://sonarcloud.io/dashboard?id=apache_hive&pullRequest=3894)
   
   
[![Bug](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/bug-16px.png
 
'Bug')](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=3894&resolved=false&types=BUG)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=3894&resolved=false&types=BUG)
 [0 
Bugs](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=3894&resolved=false&types=BUG)
  
   
[![Vulnerability](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/vulnerability-16px.png
 
'Vulnerability')](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=3894&resolved=false&types=VULNERABILITY)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=3894&resolved=false&types=VULNERABILITY)
 [0 
Vulnerabilities](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=3894&resolved=false&types=VULNERABILITY)
  
   [![Security 
Hotspot](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/security_hotspot-16px.png
 'Security 
Hotspot')](https://sonarcloud.io/project/security_hotspots?id=apache_hive&pullRequest=3894&resolved=false&types=SECURITY_HOTSPOT)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/security_hotspots?id=apache_hive&pullRequest=3894&resolved=false&types=SECURITY_HOTSPOT)
 [0 Security 
Hotspots](https://sonarcloud.io/project/security_hotspots?id=apache_hive&pullRequest=3894&resolved=false&types=SECURITY_HOTSPOT)
  
   [![Code 
Smell](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/common/code_smell-16px.png
 'Code 
Smell')](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=3894&resolved=false&types=CODE_SMELL)
 
[![A](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/RatingBadge/A-16px.png
 
'A')](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=3894&resolved=false&types=CODE_SMELL)
 [1 Code 
Smell](https://sonarcloud.io/project/issues?id=apache_hive&pullRequest=3894&resolved=false&types=CODE_SMELL)
   
   [![No Coverage 
information](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/CoverageChart/NoCoverageInfo-16px.png
 'No Coverage 
information')](https://sonarcloud.io/component_measures?id=apache_hive&pullRequest=3894&metric=coverage&view=list)
 No Coverage information  
   [![No Duplication 
information](https://sonarsource.github.io/sonarcloud-github-static-resources/v2/checks/Duplications/NoDuplicationInfo-16px.png
 'No Duplication 
information')](https://sonarcloud.io/component_measures?id=apache_hive&pullRequest=3894&metric=duplicated_lines_density&view=list)
 No Duplication information
   
   




Issue Time Tracking
-------------------

    Worklog Id:     (was: 835579)
    Time Spent: 20m  (was: 10m)

> Make sure dirPath has the correct permissions
> ---------------------------------------------
>
>                 Key: HIVE-26887
>                 URL: https://issues.apache.org/jira/browse/HIVE-26887
>             Project: Hive
>          Issue Type: Improvement
>            Reporter: Zhang Dongsheng
>            Priority: Major
>              Labels: pull-request-available
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> In the QueryResultsCache function of class QueryResultsCache, there is the 
> following code segment
> {code:java}
>   private QueryResultsCache(HiveConf configuration) throws IOException {
>     ......
>     FileSystem fs = cacheDirPath.getFileSystem(conf);
>     FsPermission fsPermission = new FsPermission("700");
>     fs.mkdirs(cacheDirPath, fsPermission);
>     ......
> }
> {code}
> It can be seen that the function will use the mkdirs to create cacheDirPath, 
> and the parameters passed in include the path variable cacheDirPath and a 
> permission 700. But we haven't confirmed whether the permission is correctly 
> assigned to the file.
> The above question is raised because there are two mkdir functions of hadoop, 
> {code:java}
> mkdirs(Path f, FsPermission permission)
> {code}
>  and 
> {code:java}
> mkdirs(FileSystem fs, Path dir, FsPermission permission)
> {code}
> and the first one is used here. The permissions of this function will be 
> affected by the underlying umask. Although 700 here will hardly be affected 
> by umask, but I think from a rigorous point of view, we should have one more 
> permission check and permission grant here.
> And I find same issue in other three methods here.
> In class Context
> {code:java}
> private Path getScratchDir(String scheme, String authority,
>       boolean mkdir, String scratchDir) {
>           ......
>           FileSystem fs = dirPath.getFileSystem(conf);
>           dirPath = new Path(fs.makeQualified(dirPath).toString());
>           FsPermission fsPermission = new FsPermission(scratchDirPermission);
>           if (!fs.mkdirs(dirPath, fsPermission)) {
>             throw new RuntimeException("Cannot make directory: "
>                 + dirPath.toString());
>           ......
>   }
> {code}
> In class SessionState
> {code:java}
>   static void createPath(HiveConf conf, Path path, String permission, boolean 
> isLocal,
>       boolean isCleanUp) throws IOException {
>     FsPermission fsPermission = new FsPermission(permission);
>     FileSystem fs;
>     ......
>     if (!fs.mkdirs(path, fsPermission)) {
>       throw new IOException("Failed to create directory " + path + " on fs " 
> + fs.getUri());
>     }
>     ......
>   }
> {code}
> and in class TezSessionState
> {code:java}
> private Path createTezDir(String sessionId, String suffix) throws IOException 
> {
>     ......
>     Path tezDir = new Path(hdfsScratchDir, TEZ_DIR);
>     FileSystem fs = tezDir.getFileSystem(conf);
>     FsPermission fsPermission = new FsPermission(HiveConf.getVar(conf, 
> HiveConf.ConfVars.SCRATCHDIRPERMISSION));
>     fs.mkdirs(tezDir, fsPermission);
>     ......
>   }
> {code}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to