[ZOOKEEPER-904] super digest is not actually acting as a full superuser - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: 3.3.1
Fix Version/s: 3.3.2, 3.4.0
Component/s: server
Labels:
None

Hadoop Flags:

Reviewed

Description

The documentation states:
New in 3.2: Enables a ZooKeeper ensemble administrator to access the znode hierarchy as a "super" user. In particular no ACL checking occurs for a user authenticated as super.

However, if a super user does something like:
zk.setACL("/", Ids.READ_ACL_UNSAFE, -1);

the super user is now bound by read-only ACL. This is not what I would expect to see given the documentation. It can be fixed by moving the chec for the "super" authId in PrepRequestProcessor.checkACL to before the for(ACL a : acl) loop.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

ZOOKEEPER-904-332.patch
25/Oct/10 18:46
2 kB
Camille Fournier
ZOOKEEPER-904.patch
22/Oct/10 18:03
2 kB
Camille Fournier

Activity

People

Assignee:: Camille Fournier

Reporter:: Camille Fournier

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 19/Oct/10 20:44

Updated:: 23/Nov/11 19:22

Resolved:: 26/Oct/10 22:31