[ 
https://issues.apache.org/jira/browse/PIG-3511?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13868020#comment-13868020
 ] 

Rohini Palaniswamy commented on PIG-3511:
-----------------------------------------

If the user umask for the output directories is world readable, then the 
temporary directories created by Pig also have the same permissions. And these 
temporary directories have job.jar, other registered jars and scripts, replicated 
table, quantile file for orderby, etc., which are localized for jobs. Hadoop 
localizes them as public when the permissions are readable by all. The heavy 
requests for public localization from Pig caused YARN-1575. The Hadoop team 
would like to get this fixed in Pig as well, as having the data readable by all 
in the /tmp directory is not a good thing. Also, publicly localized things are 
localized directly by the NM process via a thread pool. Privately localized 
things are localized by a container localizer process run as the user. Keeping 
it private puts less load on the NM and avoids localization being slowed down by 
the NM thread pool limit.

> Security: Pig temporary directories might have world readable permissions
> -------------------------------------------------------------------------
>
>                 Key: PIG-3511
>                 URL: https://issues.apache.org/jira/browse/PIG-3511
>             Project: Pig
>          Issue Type: Bug
>            Reporter: Aniket Mokashi
>            Assignee: Rohini Palaniswamy
>             Fix For: 0.13.0
>
>
> Currently, udf jars are copied to FileLocalizer.getTemporaryPath, which is an 
> unsecured location. We need to make sure the directory that we copy these 
> jars to has 700 permission settings (similar behavior as JobClient).



--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
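
The effect described in the comment above, as an added example (not code from Pig or Hadoop): a local-filesystem model in Python of how the umask decides the temporary directory's mode, and how forcing 700 on the directory keeps a world-readable job.jar private. The `visibility` rule (others-read on the file plus others-execute on each parent directory) and the directory names are assumptions of this sketch.

```python
import os
import shutil
import stat
import tempfile

def mode(path):
    return stat.S_IMODE(os.stat(path).st_mode)

def make_dir(parent, name, force_mode=None):
    path = os.path.join(parent, name)
    os.mkdir(path)                    # requests 0o777, reduced by the umask
    if force_mode is not None:
        os.chmod(path, force_mode)    # chmod is not affected by the umask
    return path

def make_file(directory, name):
    path = os.path.join(directory, name)
    os.close(os.open(path, os.O_CREAT | os.O_WRONLY, 0o666))
    return path

def visibility(path, root):
    # Assumed rule: public only if others can read the file and
    # traverse every directory between it and root.
    if not mode(path) & stat.S_IROTH:
        return "private"
    d = os.path.dirname(path)
    while d != root:
        if not mode(d) & stat.S_IXOTH:
            return "private"
        d = os.path.dirname(d)
    return "public"

def demo(umask):
    root = tempfile.mkdtemp()         # stand-in for a world-traversable /tmp
    old = os.umask(umask)
    try:
        out = {}
        # Constructed names: one directory left to the umask, one forced to 700.
        for name, forced in (("temp-default", None), ("temp-700", 0o700)):
            d = make_dir(root, name, forced)
            jar = make_file(d, "job.jar")
            out[name] = (oct(mode(d)), oct(mode(jar)), visibility(jar, root))
        return out
    finally:
        os.umask(old)
        shutil.rmtree(root)

if __name__ == "__main__":
    for umask in (0o022, 0o077):
        print(oct(umask), demo(umask))
```

With a umask of 022 the jar itself stays 644 in both directories; only the directory's mode changes the outcome.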
