[HBASE-14425] In Secure Zookeeper cluster superuser will not have sufficient permission if multiple values are configured in "hbase.superuser" - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 1.2.0, 1.3.0, 0.98.17, 2.0.0
Component/s: security, Zookeeper
Labels:
None

Hadoop Flags:

Reviewed

Description

During master intialization we are setting ACLs for the znodes.

In ZKUtil.createACL(ZooKeeperWatcher zkw, String node, boolean isSecureZooKeeper),

      String superUser = zkw.getConfiguration().get("hbase.superuser");
      ArrayList<ACL> acls = new ArrayList<ACL>();
      // add permission to hbase supper user
      if (superUser != null) {
        acls.add(new ACL(Perms.ALL, new Id("auth", superUser)));
      }

Here we are directly setting "hbase.superuser" value to Znode which will cause an issue when multiple values are configured. In "hbase.superuser" multiple superusers and supergroups can be configured separated by comma. We need to iterate them and set ACL.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

HBASE-14425-V2.patch
21/Oct/15 12:06
10 kB
Pankaj Kumar
HBASE-14425-V2.patch
20/Oct/15 10:19
10 kB
Pankaj Kumar
HBASE-14425.patch
15/Sep/15 09:49
7 kB
Pankaj Kumar

Activity

People

Assignee:: Pankaj Kumar

Reporter:: Pankaj Kumar

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Dates

Created:: 14/Sep/15 13:01

Updated:: 01/Jul/22 21:27

Resolved:: 28/Oct/15 00:06