[jira] [Resolved] (HBASE-12053) SecurityBulkLoadEndPoint set 777 permission on input data files

Jeffrey Zhong (JIRA) Wed, 26 Nov 2014 16:56:40 -0800

     [ 
https://issues.apache.org/jira/browse/HBASE-12053?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Jeffrey Zhong resolved HBASE-12053.
-----------------------------------
      Resolution: Fixed
    Hadoop Flags: Reviewed

Thanks for the comments! I've integrated the fix into 0.98,0.99 & master 
branches.

> SecurityBulkLoadEndPoint set 777 permission on input data files 
> ----------------------------------------------------------------
>
>                 Key: HBASE-12053
>                 URL: https://issues.apache.org/jira/browse/HBASE-12053
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Jeffrey Zhong
>            Assignee: Jeffrey Zhong
>             Fix For: 2.0.0, 0.98.9, 0.99.2
>
>         Attachments: HBASE-12053.patch
>
>
> We have code in SecureBulkLoadEndpoint#secureBulkLoadHFiles
> {code}
>               LOG.trace("Setting permission for: " + p);
>               fs.setPermission(p, PERM_ALL_ACCESS);
> {code}
> This is against the point we use staging folder for secure bulk load. 
> Currently we create a hidden staging folder which has ALL_ACCESS permission 
> and we  use "doAs" to move input files into staging folder. Therefore, we 
> should not set 777 permission on the original input data files but files in 
> staging folder after move. 
> This may comprise security setting especially when there is an error & we 
> move the file with 777 permission back. 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Resolved] (HBASE-12053) SecurityBulkLoadEndPoint set 777 permission on input data files

Reply via email to