Uploaded image for project: 'ZooKeeper'
  1. ZooKeeper
  2. ZOOKEEPER-2590

setACL doesn't affect exists() operation

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: None
    • Labels:

      Description

      As hinted here, even if a parent znode path has restricted READ access it's possible to issue an exists() operation on any child znode of that given path.

      For example, the snippet below doesn't throw NoAuthExceptio, even tough it removes ACL rights to "/":

              zk.create("/a", null, Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT);
              ArrayList<ACL> acls = new ArrayList<>();
              acls.add(new ACL(0, Ids.ANYONE_ID_UNSAFE));
      
              zk.setACL("/", acls, -1);
      
              Stat r = zk.exists("/a", false);
      

      Also, in the above example, what if the removed READ access for "/a"? Should we allow a call to exists("/a") to succeed even if it returns the znode metadata info?

        Attachments

          Activity

            People

            • Assignee:
              eribeiro Edward Ribeiro
              Reporter:
              eribeiro Edward Ribeiro
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: