[jira] [Updated] (HBASE-12053) SecurityBulkLoadEndPoint set 777 permission on input data files

Andrew Purtell (JIRA) Mon, 06 Oct 2014 23:23:47 -0700

     [ 
https://issues.apache.org/jira/browse/HBASE-12053?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Andrew Purtell updated HBASE-12053:
-----------------------------------
    Fix Version/s:     (was: 0.98.7)
                   0.98.8

> SecurityBulkLoadEndPoint set 777 permission on input data files 
> ----------------------------------------------------------------
>
>                 Key: HBASE-12053
>                 URL: https://issues.apache.org/jira/browse/HBASE-12053
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Jeffrey Zhong
>            Assignee: Jeffrey Zhong
>             Fix For: 2.0.0, 0.98.8, 0.99.1
>
>         Attachments: HBASE-12053.patch
>
>
> We have code in SecureBulkLoadEndpoint#secureBulkLoadHFiles
> {code}
>               LOG.trace("Setting permission for: " + p);
>               fs.setPermission(p, PERM_ALL_ACCESS);
> {code}
> This is against the point we use staging folder for secure bulk load. 
> Currently we create a hidden staging folder which has ALL_ACCESS permission 
> and we  use "doAs" to move input files into staging folder. Therefore, we 
> should not set 777 permission on the original input data files but files in 
> staging folder after move. 
> This may comprise security setting especially when there is an error & we 
> move the file with 777 permission back. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Updated] (HBASE-12053) SecurityBulkLoadEndPoint set 777 permission on input data files

Reply via email to