[
https://issues.apache.org/jira/browse/HBASE-12053?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14227170#comment-14227170
]
Hudson commented on HBASE-12053:
--------------------------------
FAILURE: Integrated in HBase-TRUNK #5830 (See
[https://builds.apache.org/job/HBase-TRUNK/5830/])
HBASE-12053: SecurityBulkLoadEndPoint set 777 permission on input data files
(jeffreyz: rev b2cdeacc8cb153eebfa886e5141b6e86590476e9)
*
hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/SecureBulkLoadEndpoint.java
> SecurityBulkLoadEndPoint set 777 permission on input data files
> ----------------------------------------------------------------
>
> Key: HBASE-12053
> URL: https://issues.apache.org/jira/browse/HBASE-12053
> Project: HBase
> Issue Type: Bug
> Reporter: Jeffrey Zhong
> Assignee: Jeffrey Zhong
> Fix For: 2.0.0, 0.98.9, 0.99.2
>
> Attachments: HBASE-12053.patch
>
>
> We have code in SecureBulkLoadEndpoint#secureBulkLoadHFiles
> {code}
> LOG.trace("Setting permission for: " + p);
> fs.setPermission(p, PERM_ALL_ACCESS);
> {code}
> This is against the point we use staging folder for secure bulk load.
> Currently we create a hidden staging folder which has ALL_ACCESS permission
> and we use "doAs" to move input files into staging folder. Therefore, we
> should not set 777 permission on the original input data files but files in
> staging folder after move.
> This may comprise security setting especially when there is an error & we
> move the file with 777 permission back.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
