Uploaded image for project: 'HBase'
  1. HBase
  2. HBASE-18323

Remove multiple ACLs for the same user in kerberos

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • 1.2.0, 3.0.0-alpha-1
    • 1.4.0, 2.0.0
    • None
    • None
    • Reviewed

    Description

      When deploy hbase in kerberos way ,there will be multiple acls in znode :
      'world,'anyone
      : r
      'sasl,'hbase
      : cdrwa
      'sasl,'hbase
      : cdrwa

      I also see the related issue and apply the patch, like https://issues.apache.org/jira/browse/HBASE-17717
      but in my environment ,this situation still appear,

      After dig into the code , i found the reason in source code ZKUtil.createAcl is

      if (zkw.isClientReadable(node))

      { LOG.error("isSecureZooKeeper user: clientReadable"); acls.addAll(Ids.CREATOR_ALL_ACL); acls.addAll(Ids.READ_ACL_UNSAFE); }

      else

      { LOG.error("isSecureZooKeeper user: clientReadable no"); acls.addAll(Ids.CREATOR_ALL_ACL); }

      acls.addAll(Ids.CREATOR_ALL_ACL);

      Id AUTH_IDS = new Id("auth", "");

      ArrayList<ACL> CREATOR_ALL_ACL = new ArrayList(Collections.singletonList(new ACL(31, AUTH_IDS)));

      AUTH_IDS with "auth " will result current connection auth user add to znode acl ,
      so it will appear multiple acls for same users.

      I think this line of code we can remove : acls.addAll(Ids.CREATOR_ALL_ACL);

      Attachments

        1. HBASE-18323-V5.patch
          5 kB
          Shibin Zhang
        2. HBASE-18323-V4.patch
          5 kB
          Shibin Zhang
        3. HBASE-18323-V3.patch
          3 kB
          Shibin Zhang
        4. HBASE-18323-V2.patch
          3 kB
          Shibin Zhang
        5. HBASE-18323.patch
          1 kB
          Shibin Zhang

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. HBASE-17717 Incorrect ZK ACL set for HBase superuser

          • Critical - Crashes, loss of data, severe memory leak.
          • Resolved

          Activity

            People

              zhangshibin Shibin Zhang
              zhangshibin Shibin Zhang
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: