hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "jiraposter@reviews.apache.org (Commented) (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-5526) Configurable file and directory based umask
Date Thu, 08 Mar 2012 04:55:02 GMT

    [ https://issues.apache.org/jira/browse/HBASE-5526?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13224992#comment-13224992
] 

jiraposter@reviews.apache.org commented on HBASE-5526:
------------------------------------------------------


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/4217/#review5702
-----------------------------------------------------------



src/main/java/org/apache/hadoop/hbase/regionserver/HRegion.java
<https://reviews.apache.org/r/4217/#comment12427>

    Leftover?



src/main/java/org/apache/hadoop/hbase/regionserver/HRegion.java
<https://reviews.apache.org/r/4217/#comment12423>

    Should be HREGION_INFO_PERMISSION_KEY, right?
    Or I guess HREGION_INFO_PERMISSION_KEY is a leftover?



src/main/java/org/apache/hadoop/hbase/util/FSTableDescriptors.java
<https://reviews.apache.org/r/4217/#comment12428>

    I know we went back and forth on this... But there is nothing in .tableinfo that is secret
to a viewer, just some table metadata. So we do not really have to go through this huh-hah
:)
    
    Also if we wanted to do this and we always have to create an HBaseConfiguration anyway,
why not do this down in writeHTD?
    That way the conf would not need to be passed down.



src/main/java/org/apache/hadoop/hbase/util/FSTableDescriptors.java
<https://reviews.apache.org/r/4217/#comment12431>

    above you call fs.create(...), why using FSUtils here? Seems we could remove the extra
create method from FSUtils, since it is only called from here.



src/main/java/org/apache/hadoop/hbase/util/FSTableDescriptors.java
<https://reviews.apache.org/r/4217/#comment12432>

    Just make the HBaseConfiguration in writeHTD (or as said above don't worry about .tableinfos)



src/main/java/org/apache/hadoop/hbase/util/FSUtils.java
<https://reviews.apache.org/r/4217/#comment12425>

    Since we pass perms in, we do not need configuration, right?
    Should overwrite be false for existing behavior?



src/main/java/org/apache/hadoop/hbase/util/FSUtils.java
<https://reviews.apache.org/r/4217/#comment12424>

    Same here, don't need configuration...
    
    And doesn't this change the semantics?
    Before you'd get an error if the file exists, not you get an error only if pass overwrite
as false.
    Could force overwrite to false I think to retain old behavior.



src/main/java/org/apache/hadoop/hbase/util/FSUtils.java
<https://reviews.apache.org/r/4217/#comment12426>

    Why the -- leading the comment?



src/main/java/org/apache/hadoop/hbase/util/FSUtils.java
<https://reviews.apache.org/r/4217/#comment12429>

    Ugh... Catching NPE? Better to do a null check for conf above.



src/test/java/org/apache/hadoop/hbase/util/TestFSUtils.java
<https://reviews.apache.org/r/4217/#comment12430>

    Maybe also have a test that verifies the actual HBase file permissions.
    I.e. write some data, then check permissions of HFile.


- Lars


On 2012-03-08 02:56:16, Jesse Yates wrote:
bq.  
bq.  -----------------------------------------------------------
bq.  This is an automatically generated e-mail. To reply, visit:
bq.  https://reviews.apache.org/r/4217/
bq.  -----------------------------------------------------------
bq.  
bq.  (Updated 2012-03-08 02:56:16)
bq.  
bq.  
bq.  Review request for hbase and Lars Hofhansl.
bq.  
bq.  
bq.  Summary
bq.  -------
bq.  
bq.  Currently many all the files created by the HBase user are just written using the default
file permissions granted by hdfs. However, to ensure only the correct user/group views the
files and directories, we need to be able to apply a configurable umask to either directories
or files.
bq.  
bq.  This ticket covers setting permissions for files written to dfs, as opposed to things
like pid and log files.
bq.  
bq.  The impetus for this was to allow the web-user to view the directory structure of hbase,
but not to actually see any of the actual data hbase is storing.
bq.  
bq.  
bq.  This addresses bug HBASE-5526.
bq.      https://issues.apache.org/jira/browse/HBASE-5526
bq.  
bq.  
bq.  Diffs
bq.  -----
bq.  
bq.    src/main/java/org/apache/hadoop/hbase/HConstants.java e60ce04 
bq.    src/main/java/org/apache/hadoop/hbase/io/hfile/AbstractHFileWriter.java 9e7e624 
bq.    src/main/java/org/apache/hadoop/hbase/regionserver/HRegion.java 76ff422 
bq.    src/main/java/org/apache/hadoop/hbase/util/FSTableDescriptors.java 62cf6ac 
bq.    src/main/java/org/apache/hadoop/hbase/util/FSUtils.java d2d7efe 
bq.    src/main/resources/hbase-default.xml 9277e0c 
bq.    src/test/java/org/apache/hadoop/hbase/util/TestFSTableDescriptors.java 0db4d42 
bq.    src/test/java/org/apache/hadoop/hbase/util/TestFSUtils.java e2611e6 
bq.  
bq.  Diff: https://reviews.apache.org/r/4217/diff
bq.  
bq.  
bq.  Testing
bq.  -------
bq.  
bq.  "mvn clean test -P localTests" passes
bq.  
bq.  
bq.  Thanks,
bq.  
bq.  Jesse
bq.  
bq.


                
> Configurable file and directory based umask
> -------------------------------------------
>
>                 Key: HBASE-5526
>                 URL: https://issues.apache.org/jira/browse/HBASE-5526
>             Project: HBase
>          Issue Type: New Feature
>          Components: regionserver
>            Reporter: Jesse Yates
>            Assignee: Jesse Yates
>             Fix For: 0.94.0
>
>         Attachments: java_HBASE-5526-v2.patch, java_HBASE-5526-v3.patch, java_HBASE-5526.patch
>
>
> Currently many all the files created by the HBase user are just written using the default
file permissions granted by hdfs. However, to ensure only the correct user/group views the
files and directories, we need to be able to apply a configurable umask to either directories
or files. 
> This ticket covers setting permissions for files written to dfs, as opposed to things
like pid and log files.
> The impetus for this was to allow the web-user to view the directory structure of hbase,
but not to actually see any of the actual data hbase is storing.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

        

Mime
View raw message