[ZOOKEEPER-2595] znode created with acl enabled on it can be deleted by any unauthorised user, when it has no child znodes - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Open
Priority: Major
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: None
Labels:
None

Description

user1 sets ACL on one znode for user 2
example :
create /xyz data sasl:user2/xyz@XYZ.COM:cdr

now user3 can login to zkCli and delete /xyz if it has no children nodes, even when it does not have access

Attachments

Activity

People

Assignee:: Unassigned

Reporter:: Neha Bathra

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 20/Sep/16 13:13

Updated:: 20/Sep/16 13:15