[
https://issues.apache.org/jira/browse/HBASE-27545?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Zhang Dongsheng updated HBASE-27545:
Description:
In the start function of SecureBulkLoadManager, there is the following code
segment
{code:java}
public void start() throws IOException {
..
fs = FileSystem.get(conf);
baseStagingDir = new Path(CommonFSUtils.getRootDir(conf),
HConstants.BULKLOAD_STAGING_DIR_NAME);
..
if (!fs.exists(baseStagingDir)) {
fs.mkdirs(baseStagingDir, PERM_HIDDEN);
}
}
{code}
It can be seen that the run function will use the mkdirs to create the path
when baseStagingDir does not exist, and the parameters passed in include the
path variable baseStagingDir and a permission 700. But we haven't confirmed
whether the permission is correctly assigned to the file.
The above question is raised because there are two mkdir functions of hadoop,
namely
{code:java}
mkdirs(Path f, FsPermission permission)
{code}
and
{code:java}
mkdirs(FileSystem fs, Path dir, FsPermission permission)
{code}
, and the first one is used here. The permissions of this function will be
affected by the underlying umask. Although 700 here will hardly be affected by
umask, but I think from a rigorous point of view, we should have one more
permission check and permission grant here.
was:
In the start function of SecureBulkLoadManager, there is the following code
segment
{code:java}
public void start() throws IOException {
fs = FileSystem.get(conf);
baseStagingDir = new Path(CommonFSUtils.getRootDir(conf),
HConstants.BULKLOAD_STAGING_DIR_NAME);
if (conf.get("hbase.bulkload.staging.dir") != null) {
LOG.warn("hbase.bulkload.staging.dir " + " is deprecated. Bulkload
staging directory is "
+ baseStagingDir);
}
if (!fs.exists(baseStagingDir)) {
fs.mkdirs(baseStagingDir, PERM_HIDDEN);
}
}
{code}
> Ensure that the baseStagingDir created by SecureBulkLoadManager has the
> correct permissions
> ---
>
> Key: HBASE-27545
> URL: https://issues.apache.org/jira/browse/HBASE-27545
> Project: HBase
> Issue Type: Improvement
> Components: regionserver
>Reporter: Zhang Dongsheng
>Priority: Minor
>
> In the start function of SecureBulkLoadManager, there is the following code
> segment
> {code:java}
> public void start() throws IOException {
> ..
> fs = FileSystem.get(conf);
> baseStagingDir = new Path(CommonFSUtils.getRootDir(conf),
> HConstants.BULKLOAD_STAGING_DIR_NAME);
> ..
> if (!fs.exists(baseStagingDir)) {
> fs.mkdirs(baseStagingDir, PERM_HIDDEN);
> }
> }
> {code}
> It can be seen that the run function will use the mkdirs to create the path
> when baseStagingDir does not exist, and the parameters passed in include the
> path variable baseStagingDir and a permission 700. But we haven't confirmed
> whether the permission is correctly assigned to the file.
> The above question is raised because there are two mkdir functions of hadoop,
> namely
> {code:java}
> mkdirs(Path f, FsPermission permission)
> {code}
> and
> {code:java}
> mkdirs(FileSystem fs, Path dir, FsPermission permission)
> {code}
> , and the first one is used here. The permissions of this function will be
> affected by the underlying umask. Although 700 here will hardly be affected
> by umask, but I think from a rigorous point of view, we should have one more
> permission check and permission grant here.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
