hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jeffrey Zhong (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (HBASE-12053) SecurityBulkLoadEndPoint set 777 permission on input data files
Date Tue, 23 Sep 2014 23:37:34 GMT

    [ https://issues.apache.org/jira/browse/HBASE-12053?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14145617#comment-14145617
] 

Jeffrey Zhong commented on HBASE-12053:
---------------------------------------

[~enis] Thanks for the review.

{quote}
Should we also delete the staging files?
{quote}
After bulk load is done, they will be cleaned by SecureBulkLoadEndpoint#cleanupBulkLoad. 


> SecurityBulkLoadEndPoint set 777 permission on input data files 
> ----------------------------------------------------------------
>
>                 Key: HBASE-12053
>                 URL: https://issues.apache.org/jira/browse/HBASE-12053
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Jeffrey Zhong
>            Assignee: Jeffrey Zhong
>             Fix For: 2.0.0, 0.98.7, 0.99.1
>
>         Attachments: HBASE-12053.patch
>
>
> We have code in SecureBulkLoadEndpoint#secureBulkLoadHFiles
> {code}
>               LOG.trace("Setting permission for: " + p);
>               fs.setPermission(p, PERM_ALL_ACCESS);
> {code}
> This is against the point we use staging folder for secure bulk load. Currently we create
a hidden staging folder which has ALL_ACCESS permission and we  use "doAs" to move input files
into staging folder. Therefore, we should not set 777 permission on the original input data
files but files in staging folder after move. 
> This may comprise security setting especially when there is an error & we move the
file with 777 permission back. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message