[ZOOKEEPER-1782] zookeeper.superUser is not as super as superDigest - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 3.4.5
Fix Version/s: 3.5.4, 3.6.0
Component/s: None
Labels:
None

Description

The zookeeper.superUser system property does not fully grant super user privileges, like zookeeper.DigestAuthenticationProvider.superDigest does.

zookeeper.superUser only has as many privileges as the sasl ACLs on the znode being accessed. This means that if a znode only has digest ACLs zookeeper.superUser is ignored. Or if a znode has a single sasl ACL that only has read privileges zookeeper.superUser only has read privileges.

The reason for this is that SASLAuthenticationProvider implements the superUser check in the matches method, instead of having the super user include a new Id("super","") as Digest does.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

zk-1782.patch
04/Oct/13 18:27
2 kB
Robert Joseph Evans
zk-1782.patch
04/Oct/13 19:39
7 kB
Robert Joseph Evans

Issue Links

links to

GitHub Pull Request #282

Activity

People

Assignee:: Robert Joseph Evans

Reporter:: Robert Joseph Evans

Votes:: 1 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 04/Oct/13 18:24

Updated:: 23/Jun/17 17:45

Resolved:: 23/Jun/17 16:40