[
https://issues.apache.org/jira/browse/HBASE-12053?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14227180#comment-14227180
]
Hudson commented on HBASE-12053:
--------------------------------
SUCCESS: Integrated in HBase-1.0 #512 (See
[https://builds.apache.org/job/HBase-1.0/512/])
HBASE-12053: SecurityBulkLoadEndPoint set 777 permission on input data files
(jeffreyz: rev def45c2185a3c8d042787190d0c4e382269d7571)
*
hbase-server/src/main/java/org/apache/hadoop/hbase/security/access/SecureBulkLoadEndpoint.java
> SecurityBulkLoadEndPoint set 777 permission on input data files
> ----------------------------------------------------------------
>
> Key: HBASE-12053
> URL: https://issues.apache.org/jira/browse/HBASE-12053
> Project: HBase
> Issue Type: Bug
> Reporter: Jeffrey Zhong
> Assignee: Jeffrey Zhong
> Fix For: 2.0.0, 0.98.9, 0.99.2
>
> Attachments: HBASE-12053.patch
>
>
> We have code in SecureBulkLoadEndpoint#secureBulkLoadHFiles
> {code}
> LOG.trace("Setting permission for: " + p);
> fs.setPermission(p, PERM_ALL_ACCESS);
> {code}
> This is against the point we use staging folder for secure bulk load.
> Currently we create a hidden staging folder which has ALL_ACCESS permission
> and we use "doAs" to move input files into staging folder. Therefore, we
> should not set 777 permission on the original input data files but files in
> staging folder after move.
> This may comprise security setting especially when there is an error & we
> move the file with 777 permission back.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
