  1. Solr
  2. SOLR-7889 Secure ZooKeeper should be easy and the default
  3. SOLR-7890

By default require admin rights to access /security.json in ZK


    Details

    • Type: Sub-task
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: security
    • Labels:
      None

      Description

      Perhaps VMParamsAllAndReadonlyDigestZkACLProvider should by default require admin access for read/write of /security.json, and other sensitive paths. Today this is left to the user to implement.

      Also, perhaps factor out the already-known sensitive paths into a separate class, so that various ACLProvider implementations can get a list of paths that should be admin-only, read-only, etc. from one central place. Then 3rd-party impls pulling ZK creds from elsewhere will still do the right thing in the future if we introduce other sensitive Znodes...

        Attachments

        1. SOLR-7890.patch
          15 kB
          Jan Høydahl

              People

              • Assignee:
                janhoy Jan Høydahl
                Reporter:
                janhoy Jan Høydahl
              • Votes:
                0
                Watchers:
                2

                Dates

                • Created:
                  Updated: