Skip to content

Commit 20106e2

Browse files
ayushtknayushtkn
authored
HIVE-28134: Improve SecureCmdDoAs. (#5140). (Ayush Saxena, reviewed by Sourabh Badhya)
1 parent 884981d commit 20106e2

File tree

1 file changed

+9
-1
lines changed

1 file changed

+9
-1
lines changed

ql/src/java/org/apache/hadoop/hive/ql/exec/SecureCmdDoAs.java

Lines changed: 9 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -23,8 +23,10 @@
2323
import java.net.URISyntaxException;
2424
import java.util.Map;
2525

26+
import org.apache.hadoop.fs.FSDataOutputStream;
2627
import org.apache.hadoop.fs.FileSystem;
2728
import org.apache.hadoop.fs.Path;
29+
import org.apache.hadoop.fs.permission.FsPermission;
2830
import org.apache.hadoop.hive.conf.HiveConf;
2931
import org.apache.hadoop.hive.ql.metadata.HiveException;
3032
import org.apache.hadoop.hive.shims.ShimLoader;
@@ -68,7 +70,13 @@ public SecureCmdDoAs(HiveConf conf) throws HiveException, IOException{
6870
tokenPath = new Path(tokenFile.toURI());
6971

7072
//write credential with token to file
71-
cred.writeTokenStorageFile(tokenPath, conf);
73+
FsPermission umask = FsPermission.getUMask(conf);
74+
FsPermission targetPerm = FsPermission.createImmutable((short) 0700);
75+
76+
try (FSDataOutputStream os = tokenPath.getFileSystem(conf).createFile(tokenPath)
77+
.permission(targetPerm.applyUMask(umask)).build()) {
78+
cred.writeTokenStorageToStream(os, Credentials.SerializedFormat.WRITABLE);
79+
}
7280
}
7381

7482
public void addEnv(Map<String, String> env){

0 commit comments

Comments
 (0)