You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hbase.apache.org by "Zhang Dongsheng (Jira)" <ji...@apache.org> on 2022/12/23 09:46:00 UTC

[jira] [Resolved] (HBASE-27545) Ensure that the baseStagingDir created by SecureBulkLoadManager has the correct permissions

     [ https://issues.apache.org/jira/browse/HBASE-27545?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Zhang Dongsheng resolved HBASE-27545.
-------------------------------------
    Fix Version/s: 2.5.2
     Release Note: This issues is same as HBASE-26985
       Resolution: Duplicate

> Ensure that the baseStagingDir created by SecureBulkLoadManager has the correct permissions
> -------------------------------------------------------------------------------------------
>
>                 Key: HBASE-27545
>                 URL: https://issues.apache.org/jira/browse/HBASE-27545
>             Project: HBase
>          Issue Type: Improvement
>          Components: regionserver
>            Reporter: Zhang Dongsheng
>            Assignee: Zhang Dongsheng
>            Priority: Minor
>             Fix For: 2.5.2
>
>
> In the start function of SecureBulkLoadManager, there is the following code segment
> {code:java}
>   public void start() throws IOException {
>     ......
>     fs = FileSystem.get(conf);
>     baseStagingDir = new Path(CommonFSUtils.getRootDir(conf), HConstants.BULKLOAD_STAGING_DIR_NAME);
>     ......
>     if (!fs.exists(baseStagingDir)) {
>       fs.mkdirs(baseStagingDir, PERM_HIDDEN);
>     }
>   }
> {code}
> It can be seen that the run function will use the mkdirs to create the path when baseStagingDir does not exist, and the parameters passed in include the path variable baseStagingDir and a permission 700. But we haven't confirmed whether the permission is correctly assigned to the file.
> The above question is raised because there are two mkdir functions of hadoop, namely 
> {code:java}
> mkdirs(Path f, FsPermission permission)
> {code}
>  and 
> {code:java}
> mkdirs(FileSystem fs, Path dir, FsPermission permission)
> {code}
> , and the first one is used here. The permissions of this function will be affected by the underlying umask. Although 700 here will hardly be affected by umask, but I think from a rigorous point of view, we should have one more permission check and permission grant here.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)