Return-Path: 
 <issues-return-166790-apmail-hbase-issues-archive=hbase.apache.org@hbase.apache.org>
X-Original-To: apmail-hbase-issues-archive@www.apache.org
Delivered-To: apmail-hbase-issues-archive@www.apache.org
Received: from mail.apache.org (hermes.apache.org [140.211.11.3])
	by minotaur.apache.org (Postfix) with SMTP id 28569179D2
	for <apmail-hbase-issues-archive@www.apache.org>;
 Sun, 12 Oct 2014 03:37:35 +0000 (UTC)
Received: (qmail 68250 invoked by uid 500); 12 Oct 2014 03:37:35 -0000
Delivered-To: apmail-hbase-issues-archive@hbase.apache.org
Received: (qmail 68199 invoked by uid 500); 12 Oct 2014 03:37:34 -0000
Mailing-List: contact issues-help@hbase.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:issues-help@hbase.apache.org>
List-Unsubscribe: <mailto:issues-unsubscribe@hbase.apache.org>
List-Post: <mailto:issues@hbase.apache.org>
List-Id: <issues.hbase.apache.org>
Delivered-To: mailing list issues@hbase.apache.org
Received: (qmail 68181 invoked by uid 99); 12 Oct 2014 03:37:34 -0000
Received: from arcas.apache.org (HELO arcas.apache.org) (140.211.11.28)
    by apache.org (qpsmtpd/0.29) with ESMTP; Sun, 12 Oct 2014 03:37:34 +0000
Date: Sun, 12 Oct 2014 03:37:34 +0000 (UTC)
From: "Enis Soztutar (JIRA)" <jira@apache.org>
To: issues@hbase.apache.org
Message-ID: <JIRA.12743271.1411409604000.248297.1413085054720@Atlassian.JIRA>
In-Reply-To: <JIRA.12743271.1411409604000@Atlassian.JIRA>
References: <JIRA.12743271.1411409604000@Atlassian.JIRA>
 <JIRA.12743271.1411409604852@arcas>
Subject: [jira] [Updated] (HBASE-12053) SecurityBulkLoadEndPoint set 777
 permission on input data files
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394


     [ https://issues.apache.org/jira/browse/HBASE-12053?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Enis Soztutar updated HBASE-12053:
----------------------------------
    Fix Version/s:     (was: 0.99.1)
                   0.99.2

> SecurityBulkLoadEndPoint set 777 permission on input data files 
> ----------------------------------------------------------------
>
>                 Key: HBASE-12053
>                 URL: https://issues.apache.org/jira/browse/HBASE-12053
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Jeffrey Zhong
>            Assignee: Jeffrey Zhong
>             Fix For: 2.0.0, 0.98.8, 0.99.2
>
>         Attachments: HBASE-12053.patch
>
>
> We have code in SecureBulkLoadEndpoint#secureBulkLoadHFiles
> {code}
>               LOG.trace("Setting permission for: " + p);
>               fs.setPermission(p, PERM_ALL_ACCESS);
> {code}
> This is against the point we use staging folder for secure bulk load. Currently we create a hidden staging folder which has ALL_ACCESS permission and we  use "doAs" to move input files into staging folder. Therefore, we should not set 777 permission on the original input data files but files in staging folder after move. 
> This may comprise security setting especially when there is an error & we move the file with 777 permission back. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)