Jeffrey Zhong created HBASE-12053:
-------------------------------------
Summary: SecurityBulkLoadEndPoint set 777 permission on input data
files
Key: HBASE-12053
URL: https://issues.apache.org/jira/browse/HBASE-12053
Project: HBase
Issue Type: Bug
Reporter: Jeffrey Zhong
Assignee: Jeffrey Zhong
We have code in SecureBulkLoadEndpoint#secureBulkLoadHFiles
{code}
LOG.trace("Setting permission for: " + p);
fs.setPermission(p, PERM_ALL_ACCESS);
{code}
This is against the point we use staging folder for secure bulk load. Currently
we create a hidden staging folder which has ALL_ACCESS permission and we use
"doAs" to move input files into staging folder. Therefore, we should not set
777 permission on the original input data files but files in staging folder
after move.
This may comprise security setting especially when there is an error & we move
the file with 777 permission back.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
