[
https://issues.apache.org/jira/browse/HBASE-9417?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Enis Soztutar updated HBASE-9417:
---------------------------------
Description:
In unsecure bulk loading, the client creates the files to be bulk loaded, and
asks the regionservers to do the operation. Bulk loading is performed by a
move, which would mean that the hbase user has to have WRITE permissions for
the bulk loaded files. If the client who has generated the files is different
than the hbase user, this creates an access denied exception if complete bulk
load is not run as the hbase user.
I think even for unsecure mode, we should mimic what SecureBulkLoadEndpoint
does, where hbase creates a staging directory and the client hands off the
files to that directory with global perms.
Update: Now that HBASE-12052 enables running SecureBulkLoadEndpoint even in
unsecure deployments, we should consider bringing SecureBulkLoad into core
HBase (meaning implement the functionality in RegionServer instead of in the
coprocessor).
was:
In unsecure bulk loading, the client creates the files to be bulk loaded, and
asks the regionservers to do the operation. Bulk loading is performed by a
move, which would mean that the hbase user has to have WRITE permissions for
the bulk loaded files. If the client who has generated the files is different
than the hbase user, this creates an access denied exception if complete bulk
load is not run as the hbase user.
I think even for unsecure mode, we should mimic what SecureBulkLoadEndpoint
does, where hbase creates a staging directory and the client hands off the
files to that directory with global perms.
> SecureBulkLoadEndpoint should be folded in core
> -----------------------------------------------
>
> Key: HBASE-9417
> URL: https://issues.apache.org/jira/browse/HBASE-9417
> Project: HBase
> Issue Type: Bug
> Components: regionserver, security
> Reporter: Enis Soztutar
> Fix For: 2.0.0
>
>
> In unsecure bulk loading, the client creates the files to be bulk loaded, and
> asks the regionservers to do the operation. Bulk loading is performed by a
> move, which would mean that the hbase user has to have WRITE permissions for
> the bulk loaded files. If the client who has generated the files is different
> than the hbase user, this creates an access denied exception if complete bulk
> load is not run as the hbase user.
> I think even for unsecure mode, we should mimic what SecureBulkLoadEndpoint
> does, where hbase creates a staging directory and the client hands off the
> files to that directory with global perms.
> Update: Now that HBASE-12052 enables running SecureBulkLoadEndpoint even in
> unsecure deployments, we should consider bringing SecureBulkLoad into core
> HBase (meaning implement the functionality in RegionServer instead of in the
> coprocessor).
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
