[jira] [Work logged] (HIVE-24288) Files created by CompileProcessor have incorrect permissions
[ https://issues.apache.org/jira/browse/HIVE-24288?focusedWorklogId=507061=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-507061 ] ASF GitHub Bot logged work on HIVE-24288: - Author: ASF GitHub Bot Created on: 03/Nov/20 14:16 Start Date: 03/Nov/20 14:16 Worklog Time Spent: 10m Work Description: nrg4878 closed pull request #1590: URL: https://github.com/apache/hive/pull/1590 This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org Issue Time Tracking --- Worklog Id: (was: 507061) Time Spent: 1.5h (was: 1h 20m) > Files created by CompileProcessor have incorrect permissions > > > Key: HIVE-24288 > URL: https://issues.apache.org/jira/browse/HIVE-24288 > Project: Hive > Issue Type: Bug > Components: Hive >Affects Versions: 3.1.0 >Reporter: Naveen Gangam >Assignee: Naveen Gangam >Priority: Major > Labels: pull-request-available > Fix For: 4.0.0 > > Time Spent: 1.5h > Remaining Estimate: 0h > > Compile processor generates some temporary files as part of processing. These > need to be cleaned up on exit from CLI. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Work logged] (HIVE-24288) Files created by CompileProcessor have incorrect permissions
[ https://issues.apache.org/jira/browse/HIVE-24288?focusedWorklogId=507042=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-507042 ] ASF GitHub Bot logged work on HIVE-24288: - Author: ASF GitHub Bot Created on: 03/Nov/20 14:14 Start Date: 03/Nov/20 14:14 Worklog Time Spent: 10m Work Description: nrg4878 commented on pull request #1590: URL: https://github.com/apache/hive/pull/1590#issuecomment-720792165 Fix has been committed. Thank you for the review @yongzhi This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org Issue Time Tracking --- Worklog Id: (was: 507042) Time Spent: 1h 20m (was: 1h 10m) > Files created by CompileProcessor have incorrect permissions > > > Key: HIVE-24288 > URL: https://issues.apache.org/jira/browse/HIVE-24288 > Project: Hive > Issue Type: Bug > Components: Hive >Affects Versions: 3.1.0 >Reporter: Naveen Gangam >Assignee: Naveen Gangam >Priority: Major > Labels: pull-request-available > Fix For: 4.0.0 > > Time Spent: 1h 20m > Remaining Estimate: 0h > > Compile processor generates some temporary files as part of processing. These > need to be cleaned up on exit from CLI. -- This message was sent by Atlassian Jira (v8.3.4#803005)
[jira] [Work logged] (HIVE-24288) Files created by CompileProcessor have incorrect permissions
[
https://issues.apache.org/jira/browse/HIVE-24288?focusedWorklogId=506693=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-506693
]
ASF GitHub Bot logged work on HIVE-24288:
-
Author: ASF GitHub Bot
Created on: 03/Nov/20 13:35
Start Date: 03/Nov/20 13:35
Worklog Time Spent: 10m
Work Description: yongzhi commented on a change in pull request #1590:
URL: https://github.com/apache/hive/pull/1590#discussion_r516202877
##
File path:
ql/src/java/org/apache/hadoop/hive/ql/processors/CompileProcessor.java
##
@@ -254,6 +276,9 @@ CommandProcessorResponse compile(SessionState ss) throws
CommandProcessorExcepti
if (ss != null){
ss.add_resource(ResourceType.JAR, testArchive.getAbsolutePath());
+ try {
+testArchive.deleteOnExit();
Review comment:
Then delete at exit should be fine.
##
File path:
ql/src/java/org/apache/hadoop/hive/ql/processors/CompileProcessor.java
##
@@ -241,14 +254,26 @@ CommandProcessorResponse compile(SessionState ss) throws
CommandProcessorExcepti
out.closeArchiveEntry();
}
out.finish();
+ setPosixFilePermissions(testArchive, lockout, false);
Review comment:
What's the purpose of set the permission here? Could it happen before
the write operations above?
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
---
Worklog Id: (was: 506693)
Time Spent: 1h 10m (was: 1h)
> Files created by CompileProcessor have incorrect permissions
>
>
> Key: HIVE-24288
> URL: https://issues.apache.org/jira/browse/HIVE-24288
> Project: Hive
> Issue Type: Bug
> Components: Hive
>Affects Versions: 3.1.0
>Reporter: Naveen Gangam
>Assignee: Naveen Gangam
>Priority: Major
> Labels: pull-request-available
> Fix For: 4.0.0
>
> Time Spent: 1h 10m
> Remaining Estimate: 0h
>
> Compile processor generates some temporary files as part of processing. These
> need to be cleaned up on exit from CLI.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Work logged] (HIVE-24288) Files created by CompileProcessor have incorrect permissions
[
https://issues.apache.org/jira/browse/HIVE-24288?focusedWorklogId=505716=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-505716
]
ASF GitHub Bot logged work on HIVE-24288:
-
Author: ASF GitHub Bot
Created on: 28/Oct/20 13:04
Start Date: 28/Oct/20 13:04
Worklog Time Spent: 10m
Work Description: nrg4878 commented on a change in pull request #1590:
URL: https://github.com/apache/hive/pull/1590#discussion_r513424742
##
File path:
ql/src/java/org/apache/hadoop/hive/ql/processors/CompileProcessor.java
##
@@ -254,6 +276,9 @@ CommandProcessorResponse compile(SessionState ss) throws
CommandProcessorExcepti
if (ss != null){
ss.add_resource(ResourceType.JAR, testArchive.getAbsolutePath());
+ try {
+testArchive.deleteOnExit();
Review comment:
after testing further, somehow deleting the jar after add_resource will
result in CNFE when creating the UDF. So the above should be fine given the
permissions are rw
java.lang.ClassNotFoundException: Pyth
at java.net.URLClassLoader.findClass(URLClassLoader.java:382)
~[?:1.8.0_231]
at java.lang.ClassLoader.loadClass(ClassLoader.java:418) ~[?:1.8.0_231]
at java.lang.ClassLoader.loadClass(ClassLoader.java:351) ~[?:1.8.0_231]
at java.lang.Class.forName0(Native Method) ~[?:1.8.0_231]
at java.lang.Class.forName(Class.java:348) ~[?:1.8.0_231]
at
org.apache.hadoop.hive.ql.ddl.function.create.CreateFunctionOperation.getUdfClass(CreateFunctionOperation.java:96)
~[hive-exec-4.0.0-SNAPSHOT.jar:4.0.0-SNAPSHOT]
at
org.apache.hadoop.hive.ql.ddl.function.create.CreateFunctionOperation.createTemporaryFunction(CreateFunctionOperation.java:73)
~[hive-exec-4.0.0-SNAPSHOT.jar:4.0.0-SNAPSHOT]
at
org.apache.hadoop.hive.ql.ddl.function.create.CreateFunctionOperation.execute(CreateFunctionOperation.java:57)
~[hive-exec-4.0.0-SNAPSHOT.jar:4.0.0-SNAPSHOT]
at org.apache.hadoop.hive.ql.ddl.DDLTask.execute(DDLTask.java:80)
~[hive-exec-4.0.0-SNAPSHOT.jar:4.0.0-SNAPSHOT]
at org.apache.hadoop.hive.ql.exec.Task.executeTask(Task.java:213)
~[hive-exec-4.0.0-SNAPSHOT.jar:4.0.0-SNAPSHOT]
at
org.apache.hadoop.hive.ql.exec.TaskRunner.runSequential(TaskRunner.java:105)
~[hive-exec-4.0.0-SNAPSHOT.jar:4.0.0-SNAPSHOT]
at org.apache.hadoop.hive.ql.Executor.launchTask(Executor.java:361)
~[hive-exec-4.0.0-SNAPSHOT.jar:4.0.0-SNAPSHOT]
at org.apache.hadoop.hive.ql.Executor.launchTasks(Executor.java:334)
~[hive-exec-4.0.0-SNAPSHOT.jar:4.0.0-SNAPSHOT]
at org.apache.hadoop.hive.ql.Executor.runTasks(Executor.java:245)
~[hive-exec-4.0.0-SNAPSHOT.jar:4.0.0-SNAPSHOT]
at org.apache.hadoop.hive.ql.Executor.execute(Executor.java:108)
~[hive-exec-4.0.0-SNAPSHOT.jar:4.0.0-SNAPSHOT]
at org.apache.hadoop.hive.ql.Driver.runInternal(Driver.java:326)
~[hive-exec-4.0.0-SNAPSHOT.jar:4.0.0-SNAPSHOT]
at org.apache.hadoop.hive.ql.Driver.run(Driver.java:149)
~[hive-exec-4.0.0-SNAPSHOT.jar:4.0.0-SNAPSHOT]
at org.apache.hadoop.hive.ql.Driver.run(Driver.java:144)
~[hive-exec-4.0.0-SNAPSHOT.jar:4.0.0-SNAPSHOT]
at
org.apache.hadoop.hive.ql.reexec.ReExecDriver.run(ReExecDriver.java:164)
~[hive-exec-4.0.0-SNAPSHOT.jar:4.0.0-SNAPSHOT]
at
org.apache.hive.service.cli.operation.SQLOperation.runQuery(SQLOperation.java:228)
~[hive-service-4.0.0-SNAPSHOT.jar:4.0.0-SNAPSHOT]
at
org.apache.hive.service.cli.operation.SQLOperation.access$500(SQLOperation.java:88)
~[hive-service-4.0.0-SNAPSHOT.jar:4.0.0-SNAPSHOT]
at
org.apache.hive.service.cli.operation.SQLOperation$BackgroundWork$1.run(SQLOperation.java:325)
~[hive-service-4.0.0-SNAPSHOT.jar:4.0.0-SNAPSHOT]
at java.security.AccessController.doPrivileged(Native Method)
~[?:1.8.0_231]
at javax.security.auth.Subject.doAs(Subject.java:422) ~[?:1.8.0_231]
at
org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1682)
~[hadoop-common-3.1.0.jar:?]
at
org.apache.hive.service.cli.operation.SQLOperation$BackgroundWork.run(SQLOperation.java:343)
~[hive-service-4.0.0-SNAPSHOT.jar:4.0.0-SNAPSHOT]
at
java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
~[?:1.8.0_231]
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
~[?:1.8.0_231]
at
java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
~[?:1.8.0_231]
at
java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
~[?:1.8.0_231]
at java.lang.Thread.run(Thread.java:748) [?:1.8.0_231]
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
[jira] [Work logged] (HIVE-24288) Files created by CompileProcessor have incorrect permissions
[
https://issues.apache.org/jira/browse/HIVE-24288?focusedWorklogId=505392=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-505392
]
ASF GitHub Bot logged work on HIVE-24288:
-
Author: ASF GitHub Bot
Created on: 27/Oct/20 19:58
Start Date: 27/Oct/20 19:58
Worklog Time Spent: 10m
Work Description: nrg4878 commented on a change in pull request #1590:
URL: https://github.com/apache/hive/pull/1590#discussion_r512992042
##
File path:
ql/src/java/org/apache/hadoop/hive/ql/processors/CompileProcessor.java
##
@@ -254,6 +276,9 @@ CommandProcessorResponse compile(SessionState ss) throws
CommandProcessorExcepti
if (ss != null){
ss.add_resource(ResourceType.JAR, testArchive.getAbsolutePath());
+ try {
+testArchive.deleteOnExit();
Review comment:
So each time a compile query is run, it creates new source and new jar
files and that are added as resources. I was not certain at what point these
resources get distributed to the cluster, (is it when add jar is run or when
you create a function using the resource, or when you run a query using the
UDF). so I thought deleting on exit is safe enough because the permissions are
already very narrow on this jar.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
---
Worklog Id: (was: 505392)
Time Spent: 50m (was: 40m)
> Files created by CompileProcessor have incorrect permissions
>
>
> Key: HIVE-24288
> URL: https://issues.apache.org/jira/browse/HIVE-24288
> Project: Hive
> Issue Type: Bug
> Components: Hive
>Affects Versions: 3.1.0
>Reporter: Naveen Gangam
>Assignee: Naveen Gangam
>Priority: Major
> Labels: pull-request-available
> Time Spent: 50m
> Remaining Estimate: 0h
>
> Compile processor generates some temporary files as part of processing. These
> need to be cleaned up on exit from CLI.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Work logged] (HIVE-24288) Files created by CompileProcessor have incorrect permissions
[
https://issues.apache.org/jira/browse/HIVE-24288?focusedWorklogId=505389=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-505389
]
ASF GitHub Bot logged work on HIVE-24288:
-
Author: ASF GitHub Bot
Created on: 27/Oct/20 19:51
Start Date: 27/Oct/20 19:51
Worklog Time Spent: 10m
Work Description: nrg4878 commented on a change in pull request #1590:
URL: https://github.com/apache/hive/pull/1590#discussion_r512987958
##
File path:
ql/src/java/org/apache/hadoop/hive/ql/processors/CompileProcessor.java
##
@@ -241,6 +255,14 @@ CommandProcessorResponse compile(SessionState ss) throws
CommandProcessorExcepti
out.closeArchiveEntry();
}
out.finish();
+ try {
+Set perms = EnumSet.of(
+ PosixFilePermission.OWNER_READ,
+ PosixFilePermission.OWNER_WRITE);
+Files.setPosixFilePermissions(Paths.get(testArchive.toURI()), perms);
+ } catch (IOException ioe) {
+LOG.warn("Lockdown permissions could not be set for the jar archive.
JAR file could be open to other users depending on default FS permissions");
Review comment:
if there is an exception here, I am marking the file to be deleted when
the JVM exists.
testArchive.deleteOnExit();
I assumed this would be used from its location in case of CLI fat client. So
we cannot delete the jar until the CLI exits.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
---
Worklog Id: (was: 505389)
Time Spent: 40m (was: 0.5h)
> Files created by CompileProcessor have incorrect permissions
>
>
> Key: HIVE-24288
> URL: https://issues.apache.org/jira/browse/HIVE-24288
> Project: Hive
> Issue Type: Bug
> Components: Hive
>Affects Versions: 3.1.0
>Reporter: Naveen Gangam
>Assignee: Naveen Gangam
>Priority: Major
> Labels: pull-request-available
> Time Spent: 40m
> Remaining Estimate: 0h
>
> Compile processor generates some temporary files as part of processing. These
> need to be cleaned up on exit from CLI.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Work logged] (HIVE-24288) Files created by CompileProcessor have incorrect permissions
[
https://issues.apache.org/jira/browse/HIVE-24288?focusedWorklogId=505387=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-505387
]
ASF GitHub Bot logged work on HIVE-24288:
-
Author: ASF GitHub Bot
Created on: 27/Oct/20 19:49
Start Date: 27/Oct/20 19:49
Worklog Time Spent: 10m
Work Description: nrg4878 commented on a change in pull request #1590:
URL: https://github.com/apache/hive/pull/1590#discussion_r512985518
##
File path:
ql/src/java/org/apache/hadoop/hive/ql/processors/CompileProcessor.java
##
@@ -241,6 +255,14 @@ CommandProcessorResponse compile(SessionState ss) throws
CommandProcessorExcepti
out.closeArchiveEntry();
}
out.finish();
+ try {
+Set perms = EnumSet.of(
+ PosixFilePermission.OWNER_READ,
Review comment:
We are setting it at create time right? either closeArchiveEntry() or
out.finish() flushes to disk. We set permissions right after.
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
---
Worklog Id: (was: 505387)
Time Spent: 0.5h (was: 20m)
> Files created by CompileProcessor have incorrect permissions
>
>
> Key: HIVE-24288
> URL: https://issues.apache.org/jira/browse/HIVE-24288
> Project: Hive
> Issue Type: Bug
> Components: Hive
>Affects Versions: 3.1.0
>Reporter: Naveen Gangam
>Assignee: Naveen Gangam
>Priority: Major
> Labels: pull-request-available
> Time Spent: 0.5h
> Remaining Estimate: 0h
>
> Compile processor generates some temporary files as part of processing. These
> need to be cleaned up on exit from CLI.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Work logged] (HIVE-24288) Files created by CompileProcessor have incorrect permissions
[
https://issues.apache.org/jira/browse/HIVE-24288?focusedWorklogId=505380=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-505380
]
ASF GitHub Bot logged work on HIVE-24288:
-
Author: ASF GitHub Bot
Created on: 27/Oct/20 19:21
Start Date: 27/Oct/20 19:21
Worklog Time Spent: 10m
Work Description: yongzhi commented on a change in pull request #1590:
URL: https://github.com/apache/hive/pull/1590#discussion_r512948993
##
File path:
ql/src/java/org/apache/hadoop/hive/ql/processors/CompileProcessor.java
##
@@ -241,6 +255,14 @@ CommandProcessorResponse compile(SessionState ss) throws
CommandProcessorExcepti
out.closeArchiveEntry();
}
out.finish();
+ try {
+Set perms = EnumSet.of(
+ PosixFilePermission.OWNER_READ,
Review comment:
Should the permission set at the files create time?
##
File path:
ql/src/java/org/apache/hadoop/hive/ql/processors/CompileProcessor.java
##
@@ -241,6 +255,14 @@ CommandProcessorResponse compile(SessionState ss) throws
CommandProcessorExcepti
out.closeArchiveEntry();
}
out.finish();
+ try {
+Set perms = EnumSet.of(
+ PosixFilePermission.OWNER_READ,
+ PosixFilePermission.OWNER_WRITE);
+Files.setPosixFilePermissions(Paths.get(testArchive.toURI()), perms);
+ } catch (IOException ioe) {
+LOG.warn("Lockdown permissions could not be set for the jar archive.
JAR file could be open to other users depending on default FS permissions");
Review comment:
If the IOException here, can you still delete the file later(has the
permission)?
##
File path:
ql/src/java/org/apache/hadoop/hive/ql/processors/CompileProcessor.java
##
@@ -254,6 +276,9 @@ CommandProcessorResponse compile(SessionState ss) throws
CommandProcessorExcepti
if (ss != null){
ss.add_resource(ResourceType.JAR, testArchive.getAbsolutePath());
+ try {
+testArchive.deleteOnExit();
Review comment:
Will this jar file be added several times to resource? If not, could it
is possible to just delete it and use what is in resource?
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
---
Worklog Id: (was: 505380)
Time Spent: 20m (was: 10m)
> Files created by CompileProcessor have incorrect permissions
>
>
> Key: HIVE-24288
> URL: https://issues.apache.org/jira/browse/HIVE-24288
> Project: Hive
> Issue Type: Bug
> Components: Hive
>Affects Versions: 3.1.0
>Reporter: Naveen Gangam
>Assignee: Naveen Gangam
>Priority: Major
> Labels: pull-request-available
> Time Spent: 20m
> Remaining Estimate: 0h
>
> Compile processor generates some temporary files as part of processing. These
> need to be cleaned up on exit from CLI.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
[jira] [Work logged] (HIVE-24288) Files created by CompileProcessor have incorrect permissions
[
https://issues.apache.org/jira/browse/HIVE-24288?focusedWorklogId=502451=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-502451
]
ASF GitHub Bot logged work on HIVE-24288:
-
Author: ASF GitHub Bot
Created on: 20/Oct/20 01:33
Start Date: 20/Oct/20 01:33
Worklog Time Spent: 10m
Work Description: nrg4878 opened a new pull request #1590:
URL: https://github.com/apache/hive/pull/1590
### What changes were proposed in this pull request?
When you run the "compile" query in Hive CLI, this creates some temp files
in java.io.tmp directory that need to be cleaned up after the resource is added
to the session.
For example:
compile `import org.apache.hadoop.hive.ql.exec.UDF \;
public class Pyth extends UDF {
public double evaluate(double a, double b){
return Math.sqrt((a*a) + (b*b)) \;
}
} ` AS GROOVY NAMED Pyth.groovy;
in /tmp,
./0_1603130653872in/Pyth.groovy
./0_1603130393407in/Pyth.groovy
./0_1603130541093in/Pyth.groovy
ls -l *.jar
-rw-r--r-- 1 root root 1578 Oct 19 17:59 0_1603130393407.jar
-rw-r--r-- 1 hive hive 1578 Oct 19 18:02 0_1603130541093.jar
-rw-r--r-- 1 hive hive 1578 Oct 19 18:04 0_1603130653872.jar
### Why are the changes needed?
Cleanup needed
### Does this PR introduce _any_ user-facing change?
NO
### How was this patch tested?
Manually using Hive CLI.
After the fix,
ls -l in /tmp, shows no new .groovy files
Also the jar file has lesser permissions for non-owners
-rw--- 1 root root 1578 Oct 20 00:54 2_1603155248285.jar
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
---
Worklog Id: (was: 502451)
Remaining Estimate: 0h
Time Spent: 10m
> Files created by CompileProcessor have incorrect permissions
>
>
> Key: HIVE-24288
> URL: https://issues.apache.org/jira/browse/HIVE-24288
> Project: Hive
> Issue Type: Bug
> Components: Hive
>Affects Versions: 3.1.0
>Reporter: Naveen Gangam
>Assignee: Naveen Gangam
>Priority: Major
> Time Spent: 10m
> Remaining Estimate: 0h
>
> Compile processor generates some temporary files as part of processing. These
> need to be cleaned up on exit from CLI.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
