[jira] [Commented] (HBASE-5714) Add write permissions check before any hbck run that modifies hdfs.

Sat, 18 Aug 2012 08:59:39 -0700 

    [ 
https://issues.apache.org/jira/browse/HBASE-5714?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13437353#comment-13437353
 ] 

liang xie commented on HBASE-5714:
----------------------------------

Sorry for no new test-case attached,i'm still a very newbie for HBase project:)
I tested as following steps:
1) run as an under-privileged user on base code, issue this command : "hbase 
org.apache.hadoop.hbase.util.hbck.OfflineMetaRepair", it failed after several 
read-only operations

2) apply this patch, rerun , got the fast-fail as expected :
12/08/18 23:37:21 WARN util.HBaseFsck: Got AccessControlException when 
preCheckPermission
org.apache.hadoop.security.AccessControlException: Permission denied: 
action=WRITE path=hdfs://10.235.2.121:9000/hbase/-ROOT- user=xiaomi
        at org.apache.hadoop.hbase.util.FSUtils.checkAccess(FSUtils.java:1064)
        at 
org.apache.hadoop.hbase.util.HBaseFsck.preCheckPermission(HBaseFsck.java:1184)
        at 
org.apache.hadoop.hbase.util.hbck.OfflineMetaRepair.main(OfflineMetaRepair.java:97)
Current user xiaomi does not have write perms to 
hdfs://10.235.2.121:9000/hbase/-ROOT-. Please rerun hbck as hdfs user root
                
> Add write permissions check before any hbck run that modifies hdfs.
> -------------------------------------------------------------------
>
>                 Key: HBASE-5714
>                 URL: https://issues.apache.org/jira/browse/HBASE-5714
>             Project: HBase
>          Issue Type: Sub-task
>          Components: hbck
>    Affects Versions: 0.90.6, 0.92.2, 0.94.0, 0.96.0
>            Reporter: Jonathan Hsieh
>         Attachments: HBASE-5628.patch
>
>
> We encoutered a situation where hbck was run by an under-privileged user that 
> was unable to write/modify/merge regions due to hdfs perms.  Unfortunately, 
> this user was alerted of this  after several minutes of read-only operations. 
>  hbck should fail early by having a write perm check and providing actionable 
> advice to the hbase admin.
> Maybe something like: "Current user yy does not have write perms to <hbase 
> home>. Please run hbck as hdfs user xxx"

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to