[jira] [Commented] (HBASE-7917) Documentation for secure bulk load

["Enis Soztutar (JIRA)" <ji...@apache.org>]

    [ https://issues.apache.org/jira/browse/HBASE-7917?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13584988#comment-13584988 ] 

Enis Soztutar commented on HBASE-7917:
--------------------------------------

Also noticed that http://hbase.apache.org/book/security.html does not add AccessController. We should fix that :) 
                
> Documentation for secure bulk load
> ----------------------------------
>
>                 Key: HBASE-7917
>                 URL: https://issues.apache.org/jira/browse/HBASE-7917
>             Project: HBase
>          Issue Type: Improvement
>            Reporter: Enis Soztutar
>            Assignee: Enis Soztutar
>             Fix For: 0.96.0
>
>
> One of our tests for bulk loading on a secure cluster failed, because of it was 
> not configured properly. We should document the setup. 
> From SecureBulkLoadEndpoint: 
> {code}
> 1. Create an hbase owned staging directory which is
>  * world traversable (711): /hbase/staging
>  * 2. A user writes out data to his secure output directory: /user/foo/data
>  * 3. A call is made to hbase to create a secret staging directory
>  * which globally rwx (777): /user/staging/averylongandrandomdirectoryname
>  * 4. The user makes the data world readable and writable, then moves it
>  * into the random staging directory, then calls bulkLoadHFiles()
>  *
>  * Like delegation tokens the strength of the security lies in the length
>  * and randomness of the secret directory.
> {code}
> See HBASE-5498 for details on secure bulk load. 

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira