[
https://issues.apache.org/jira/browse/HBASE-27545?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Zhang Dongsheng reassigned HBASE-27545:
---------------------------------------
Assignee: Zhang Dongsheng
> Ensure that the baseStagingDir created by SecureBulkLoadManager has the
> correct permissions
> -------------------------------------------------------------------------------------------
>
> Key: HBASE-27545
> URL: https://issues.apache.org/jira/browse/HBASE-27545
> Project: HBase
> Issue Type: Improvement
> Components: regionserver
> Reporter: Zhang Dongsheng
> Assignee: Zhang Dongsheng
> Priority: Minor
>
> In the start function of SecureBulkLoadManager, there is the following code
> segment
> {code:java}
> public void start() throws IOException {
> ......
> fs = FileSystem.get(conf);
> baseStagingDir = new Path(CommonFSUtils.getRootDir(conf),
> HConstants.BULKLOAD_STAGING_DIR_NAME);
> ......
> if (!fs.exists(baseStagingDir)) {
> fs.mkdirs(baseStagingDir, PERM_HIDDEN);
> }
> }
> {code}
> It can be seen that the run function will use the mkdirs to create the path
> when baseStagingDir does not exist, and the parameters passed in include the
> path variable baseStagingDir and a permission 700. But we haven't confirmed
> whether the permission is correctly assigned to the file.
> The above question is raised because there are two mkdir functions of hadoop,
> namely
> {code:java}
> mkdirs(Path f, FsPermission permission)
> {code}
> and
> {code:java}
> mkdirs(FileSystem fs, Path dir, FsPermission permission)
> {code}
> , and the first one is used here. The permissions of this function will be
> affected by the underlying umask. Although 700 here will hardly be affected
> by umask, but I think from a rigorous point of view, we should have one more
> permission check and permission grant here.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
