[HBASE-12053] SecurityBulkLoadEndPoint set 777 permission on input data files - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 0.98.9, 0.99.2
Component/s: None
Labels:
None

Hadoop Flags:

Reviewed

Description

We have code in SecureBulkLoadEndpoint#secureBulkLoadHFiles

              LOG.trace("Setting permission for: " + p);
              fs.setPermission(p, PERM_ALL_ACCESS);

This is against the point we use staging folder for secure bulk load. Currently we create a hidden staging folder which has ALL_ACCESS permission and we use "doAs" to move input files into staging folder. Therefore, we should not set 777 permission on the original input data files but files in staging folder after move.

This may comprise security setting especially when there is an error & we move the file with 777 permission back.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HBASE-12053.patch
22/Sep/14 18:46
3 kB
Jeffrey Zhong

Activity

People

Assignee:: Jeffrey Zhong

Reporter:: Jeffrey Zhong

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 22/Sep/14 18:13

Updated:: 06/Apr/18 17:55

Resolved:: 27/Nov/14 00:55