[ https://issues.apache.org/jira/browse/HIVE-4487?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13771092#comment-13771092 ]
Hudson commented on HIVE-4487: ------------------------------ FAILURE: Integrated in Hive-trunk-hadoop1-ptest #172 (See [https://builds.apache.org/job/Hive-trunk-hadoop1-ptest/172/]) HIVE-4487 - Hive does not set explicit permissions on hive.exec.scratchdir (Chaoyu Tang via Brock Noland) (brock: http://svn.apache.org/viewcvs.cgi/?root=Apache-SVN&view=rev&rev=1524509) * /hive/trunk/common/src/java/org/apache/hadoop/hive/conf/HiveConf.java * /hive/trunk/ql/src/java/org/apache/hadoop/hive/ql/Context.java > Hive does not set explicit permissions on hive.exec.scratchdir > -------------------------------------------------------------- > > Key: HIVE-4487 > URL: https://issues.apache.org/jira/browse/HIVE-4487 > Project: Hive > Issue Type: Bug > Affects Versions: 0.10.0 > Reporter: Joey Echeverria > Assignee: Chaoyu Tang > Fix For: 0.13.0 > > Attachments: HIVE-4487.patch > > > The hive.exec.scratchdir defaults to /tmp/hive-$\{user.name\}, but when Hive > creates this directory it doesn't set any explicit permission on it. This > means if you have the default HDFS umask setting of 022, then these > directories end up being world readable. These permissions also get applied > to the staging directories and their files, thus leaving inter-stage data > world readable. > This can cause a potential leak of data especially when operating on a > Kerberos enabled cluster. Hive should probably default these directories to > only be readable by the owner. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira