You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@hbase.apache.org by "Jeffrey Zhong (JIRA)" <ji...@apache.org> on 2014/11/27 01:56:15 UTC
[jira] [Resolved] (HBASE-12053) SecurityBulkLoadEndPoint set 777
permission on input data files
[ https://issues.apache.org/jira/browse/HBASE-12053?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jeffrey Zhong resolved HBASE-12053.
-----------------------------------
Resolution: Fixed
Hadoop Flags: Reviewed
Thanks for the comments! I've integrated the fix into 0.98,0.99 & master branches.
> SecurityBulkLoadEndPoint set 777 permission on input data files
> ----------------------------------------------------------------
>
> Key: HBASE-12053
> URL: https://issues.apache.org/jira/browse/HBASE-12053
> Project: HBase
> Issue Type: Bug
> Reporter: Jeffrey Zhong
> Assignee: Jeffrey Zhong
> Fix For: 2.0.0, 0.98.9, 0.99.2
>
> Attachments: HBASE-12053.patch
>
>
> We have code in SecureBulkLoadEndpoint#secureBulkLoadHFiles
> {code}
> LOG.trace("Setting permission for: " + p);
> fs.setPermission(p, PERM_ALL_ACCESS);
> {code}
> This is against the point we use staging folder for secure bulk load. Currently we create a hidden staging folder which has ALL_ACCESS permission and we use "doAs" to move input files into staging folder. Therefore, we should not set 777 permission on the original input data files but files in staging folder after move.
> This may comprise security setting especially when there is an error & we move the file with 777 permission back.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)