[
https://issues.apache.org/jira/browse/HBASE-5526?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13224736#comment-13224736
]
Jesse Yates commented on HBASE-5526:
------------------------------------
After talking with Lars, this most recent patch seems really heavyweight to
accomplish the original intention of not seeing data files in the jsp. As it
stands now (with either patch), we will still be able to see a lot of the
information in the hbase webui, so full scale blocking is not really gaining a
lot.
Further, we would need to ensure that _all future file or directory creation_
goes through the FSUtils tool - something that is going to quite annoying and
difficult to enforce. This also makes it slightly more of a pain later on, if
we want to add more specific umasking to the certain files as they will need to
pass in their own umask.
Instead, proposing to simplify the original patch such that we only have 2
configuration keys - enable and data.umask. The former would turn on special
umasking and the latter would initially be used when applying a umask to all
the 'data' files in hbase. This is nice in that we can later make the latter
the default value if we want to apply extra special umasking to a given file
(via a new conf key).
> Configurable file and directory based umask
> -------------------------------------------
>
> Key: HBASE-5526
> URL: https://issues.apache.org/jira/browse/HBASE-5526
> Project: HBase
> Issue Type: New Feature
> Components: regionserver
> Reporter: Jesse Yates
> Assignee: Jesse Yates
> Fix For: 0.94.0
>
> Attachments: java_HBASE-5526-v2.patch, java_HBASE-5526.patch
>
>
> Currently many all the files created by the HBase user are just written using
> the default file permissions granted by hdfs. However, to ensure only the
> correct user/group views the files and directories, we need to be able to
> apply a configurable umask to either directories or files.
> This ticket covers setting permissions for files written to dfs, as opposed
> to things like pid and log files.
> The impetus for this was to allow the web-user to view the directory
> structure of hbase, but not to actually see any of the actual data hbase is
> storing.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators:
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
