Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 73BD0200CE7 for ; Fri, 18 Aug 2017 05:56:06 +0200 (CEST) Received: by cust-asf.ponee.io (Postfix) id 72290161DB8; Fri, 18 Aug 2017 03:56:06 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id B9460161DB7 for ; Fri, 18 Aug 2017 05:56:05 +0200 (CEST) Received: (qmail 37661 invoked by uid 500); 18 Aug 2017 03:56:04 -0000 Mailing-List: contact dev-help@hbase.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@hbase.apache.org Delivered-To: mailing list dev@hbase.apache.org Received: (qmail 37650 invoked by uid 99); 18 Aug 2017 03:56:04 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 18 Aug 2017 03:56:04 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 041A2C10D3 for ; Fri, 18 Aug 2017 03:56:04 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: -100.002 X-Spam-Level: X-Spam-Status: No, score=-100.002 tagged_above=-999 required=6.31 tests=[RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001, USER_IN_WHITELIST=-100] autolearn=disabled Received: from mx1-lw-eu.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id 3oxDWWmsKijm for ; Fri, 18 Aug 2017 03:56:03 +0000 (UTC) Received: from mailrelay1-us-west.apache.org (mailrelay1-us-west.apache.org [209.188.14.139]) by mx1-lw-eu.apache.org (ASF Mail Server at mx1-lw-eu.apache.org) with ESMTP id AED215FBB0 for ; Fri, 18 Aug 2017 03:56:02 +0000 (UTC) Received: from jira-lw-us.apache.org (unknown [207.244.88.139]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id 5DCC3E09FE for ; Fri, 18 Aug 2017 03:56:01 +0000 (UTC) Received: from jira-lw-us.apache.org (localhost [127.0.0.1]) by jira-lw-us.apache.org (ASF Mail Server at jira-lw-us.apache.org) with ESMTP id 93E0C25385 for ; Fri, 18 Aug 2017 03:56:00 +0000 (UTC) Date: Fri, 18 Aug 2017 03:56:00 +0000 (UTC) From: "Jerry He (JIRA)" To: dev@hbase.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Resolved] (HBASE-9417) SecureBulkLoadEndpoint should be folded in core MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 archived-at: Fri, 18 Aug 2017 03:56:06 -0000 [ https://issues.apache.org/jira/browse/HBASE-9417?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Jerry He resolved HBASE-9417. ----------------------------- Resolution: Duplicate Fix Version/s: (was: 2.0.0-alpha-3) > SecureBulkLoadEndpoint should be folded in core > ----------------------------------------------- > > Key: HBASE-9417 > URL: https://issues.apache.org/jira/browse/HBASE-9417 > Project: HBase > Issue Type: Bug > Components: regionserver, security > Reporter: Enis Soztutar > Priority: Critical > > In unsecure bulk loading, the client creates the files to be bulk loaded, and asks the regionservers to do the operation. Bulk loading is performed by a move, which would mean that the hbase user has to have WRITE permissions for the bulk loaded files. If the client who has generated the files is different than the hbase user, this creates an access denied exception if complete bulk load is not run as the hbase user. > I think even for unsecure mode, we should mimic what SecureBulkLoadEndpoint does, where hbase creates a staging directory and the client hands off the files to that directory with global perms. > Update: Now that HBASE-12052 enables running SecureBulkLoadEndpoint even in unsecure deployments, we should consider bringing SecureBulkLoad into core HBase (meaning implement the functionality in RegionServer instead of in the coprocessor). -- This message was sent by Atlassian JIRA (v6.4.14#64029)