HBase
  1. HBase
  2. HBASE-5526

Configurable file and directory based umask

    Details

    • Type: New Feature New Feature
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 0.94.0
    • Component/s: regionserver
    • Labels:
      None
    • Hadoop Flags:
      Reviewed

      Description

      Currently many all the files created by the HBase user are just written using the default file permissions granted by hdfs. However, to ensure only the correct user/group views the files and directories, we need to be able to apply a configurable umask to either directories or files.

      This ticket covers setting permissions for files written to dfs, as opposed to things like pid and log files.

      The impetus for this was to allow the web-user to view the directory structure of hbase, but not to actually see any of the actual data hbase is storing.

      1. java_HBASE-5526-v7.patch
        12 kB
        Jesse Yates
      2. java_HBASE-5526-v5.patch
        14 kB
        Jesse Yates
      3. java_HBASE-5526-v3.patch
        21 kB
        Jesse Yates
      4. java_HBASE-5526-v2.patch
        93 kB
        Jesse Yates
      5. java_HBASE-5526.patch
        77 kB
        Jesse Yates
      1.
      Apply custom umask to HLog Sub-task Resolved Unassigned
       

        Activity

        Jesse Yates created issue -
        Jesse Yates made changes -
        Field Original Value New Value
        Attachment java_HBASE-5526.patch [ 12517179 ]
        Jesse Yates made changes -
        Attachment java_HBASE-5526-v2.patch [ 12517352 ]
        Jesse Yates made changes -
        Summary Optional file permission settings Configurable file and directory based umask
        Description Currently many all the files created by the HBase user are just written using the default file permissions granted by hdfs. However, it is often times adventageous to only allow a subset of the world to view the actual data written by hbase when scanning the raw hdfs files.

        This ticket covers setting permissions for files written to hdfs that are storing actual user data, as opposed to _all_ files written to hdfs as many of them contain non-identifiable metadata.
        Currently many all the files created by the HBase user are just written using the default file permissions granted by hdfs. However, to ensure only the correct user/group views the files and directories, we need to be able to apply a configurable umask to either directories or files.

        This ticket covers setting permissions for files written to dfs, as opposed to things like pid and log files.

        The impetus for this was to allow the web-user to view the directory structure of hbase, but not to actually see any of the actual data hbase is storing.
        Jesse Yates made changes -
        Attachment java_HBASE-5526-v3.patch [ 12517519 ]
        Jesse Yates made changes -
        Attachment java_HBASE-5526-v5.patch [ 12517610 ]
        Jesse Yates made changes -
        Status Open [ 1 ] Patch Available [ 10002 ]
        Jesse Yates made changes -
        Attachment java_HBASE-5526-v7.patch [ 12517616 ]
        Lars Hofhansl made changes -
        Status Patch Available [ 10002 ] Resolved [ 5 ]
        Hadoop Flags Reviewed [ 10343 ]
        Resolution Fixed [ 1 ]
        Lars Hofhansl made changes -
        Status Resolved [ 5 ] Closed [ 6 ]

          People

          • Assignee:
            Jesse Yates
            Reporter:
            Jesse Yates
          • Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved:

              Development