[ https://issues.apache.org/jira/browse/HIVE-2079?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13013557#comment-13013557 ]
Devaraj Das commented on HIVE-2079: ----------------------------------- Edward, at Yahoo!, we run the thrift server as a standalone metastore server, and there the problem can be handled. The solution is still under investigation but here is the flow of the directory creations and permission settings: 1) Have the real warehouse directory owned by the hive-thrift-server user and let that have 755 permissions. 2) Have a temp warehouse directory for staging the creation of tables/databases, and let that have 777 permissions. 3) When a user issues a create_table/database command, the hive-thrift-server creates the corresponding directory in the temp location. This operation happens as the user in question and the directory ends up getting owned by the user. 4) The hive-thrift-server then moves the directory to the real warehouse directory. This operation is done as the hive-thrift-server user.Since the temp directory has 777 permissions, and the real warehouse directory is owned by the hive-thrift-server user, the move will succeed. With all the work that has been done in mostly HIVE-1842 & HIVE-1696, the above seems possible. Granted, this won't work when hive runs in the fat-client mode. So, most likely, we will make the above be based on whether metastore is running in the local mode or not (hive.metastore.local config). Makes sense ? > The warehouse directory shouldn't be 777'ed > ------------------------------------------- > > Key: HIVE-2079 > URL: https://issues.apache.org/jira/browse/HIVE-2079 > Project: Hive > Issue Type: Bug > Components: Metastore, Security > Reporter: Devaraj Das > Assignee: Mac Yang > Fix For: 0.8.0 > > > The warehouse directory is created with a permissions of 777. This is to > allow any user to successfully create database/table directories there. The > security issue is that anyone can delete any directory in the warehouse. We > should fix this hole. -- This message is automatically generated by JIRA. For more information on JIRA, see: http://www.atlassian.com/software/jira