[
https://issues.apache.org/jira/browse/HBASE-12053?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14143987#comment-14143987
]
Enis Soztutar commented on HBASE-12053:
---------------------------------------
This looks good to me.
{code}
+ if (!FSHDFSUtils.isSameHdfs(conf, srcFs, fs)) {
+ // files are copied so no need to move them back
+ return;
+ }
{code}
Should we also delete the staging files?
Ping [~toffer].
> SecurityBulkLoadEndPoint set 777 permission on input data files
> ----------------------------------------------------------------
>
> Key: HBASE-12053
> URL: https://issues.apache.org/jira/browse/HBASE-12053
> Project: HBase
> Issue Type: Bug
> Reporter: Jeffrey Zhong
> Assignee: Jeffrey Zhong
> Fix For: 2.0.0, 0.98.7, 0.99.1
>
> Attachments: HBASE-12053.patch
>
>
> We have code in SecureBulkLoadEndpoint#secureBulkLoadHFiles
> {code}
> LOG.trace("Setting permission for: " + p);
> fs.setPermission(p, PERM_ALL_ACCESS);
> {code}
> This is against the point we use staging folder for secure bulk load.
> Currently we create a hidden staging folder which has ALL_ACCESS permission
> and we use "doAs" to move input files into staging folder. Therefore, we
> should not set 777 permission on the original input data files but files in
> staging folder after move.
> This may comprise security setting especially when there is an error & we
> move the file with 777 permission back.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
