hbase-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From abhishek kr <abhishek...@huawei.com>
Subject CreateTableHandler: postCreateTableHanler coprocessor runs as RemoteRpcUser privileged action.
Date Mon, 04 May 2015 12:14:14 GMT
We have a custom written coprocessor for CreateTableHandler which does some hdfs related stuff
in postCreateTableHandler, and it was working fine till HBASE-11886 got merged. It seems that
post HBASE-11886 merge, our coprocessor code is getting executed with remote rpc user privileges
instead of master privileges:
//  --START--
    this.activeUser.runAs(new PrivilegedExceptionAction<Void>() {
          public Void run() throws Exception {
            cpHost.postCreateTableHandler(hTableDescriptor, newRegions);
            return null;
// --END--

As per HBASE-11886,  these changes were done to handle table ACL related issue ,  however
it does this by reducing the default privileges coprocessor runs under.
We can get around this by using User.runAsLoginUser in our coprocessor code but I think  by
default coprocessors should continue to run with master/region server identity and HBASE-11886
can be handled in some other way, for example using InheritedThreadLocal for RequestContext,
as suggested in comments by Anoop in HBASE-11886,  pls let us know ur views on this, thanks.


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message