[ https://issues.apache.org/jira/browse/HBASE-12053?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14143987#comment-14143987 ]
Enis Soztutar commented on HBASE-12053: --------------------------------------- This looks good to me. {code} + if (!FSHDFSUtils.isSameHdfs(conf, srcFs, fs)) { + // files are copied so no need to move them back + return; + } {code} Should we also delete the staging files? Ping [~toffer]. > SecurityBulkLoadEndPoint set 777 permission on input data files > ---------------------------------------------------------------- > > Key: HBASE-12053 > URL: https://issues.apache.org/jira/browse/HBASE-12053 > Project: HBase > Issue Type: Bug > Reporter: Jeffrey Zhong > Assignee: Jeffrey Zhong > Fix For: 2.0.0, 0.98.7, 0.99.1 > > Attachments: HBASE-12053.patch > > > We have code in SecureBulkLoadEndpoint#secureBulkLoadHFiles > {code} > LOG.trace("Setting permission for: " + p); > fs.setPermission(p, PERM_ALL_ACCESS); > {code} > This is against the point we use staging folder for secure bulk load. > Currently we create a hidden staging folder which has ALL_ACCESS permission > and we use "doAs" to move input files into staging folder. Therefore, we > should not set 777 permission on the original input data files but files in > staging folder after move. > This may comprise security setting especially when there is an error & we > move the file with 777 permission back. -- This message was sent by Atlassian JIRA (v6.3.4#6332)