[DRILL-5671] Set secure ACLs (Access Control List) for Drill ZK nodes in a secure cluster - ASF JIRA

XML

Word

Printable

JSON

Details

Type: New Feature
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.15.0
Component/s: Server
Labels:
- doc-complete
- ready-to-commit

Description

All Drill ZK nodes, currently, are assigned a default [world:all] ACL i.e. anyone gets to do CDRWA(create, delete, read, write, admin access). This means that even on a secure cluster anyone can perform all CRDWA actions on the znodes.

This should be changed such that:

In a non-secure cluster, Drill will continue using the current default [world:all] ACL

In a secure cluster, all nodes should have an [authid: all] ACL i.e. the authenticated user that created the znode gets full access. The discovery znodes i.e. the znodes with the list of Drillbits will have an additional [world:read] ACL, i.e. the list of Drillbits will be readable by anyone.

Attachments

Issue Links

links to

GitHub Pull Request #875

GitHub Pull Request #1467

Activity

People

Assignee:: Karthikeyan Manivannan

Reporter:: Karthikeyan Manivannan

Reviewer:: Sorabh Hamirwasia

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 13/Jul/17 02:08

Updated:: 19/Dec/18 04:31

Resolved:: 16/Nov/18 00:34