accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Christopher Tubbs (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ACCUMULO-3557) No write ACL set on /accumulo/instances/...
Date Thu, 05 Feb 2015 00:08:35 GMT

    [ https://issues.apache.org/jira/browse/ACCUMULO-3557?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14306268#comment-14306268
] 

Christopher Tubbs commented on ACCUMULO-3557:
---------------------------------------------

Restricting write access would be difficult, since the whole point of this name-to-id mapping
paradigm was so somebody could easily re-initialize an instance with the same name, without
clobbering an existing instance. And, the new instance could have a different instance secret,
so what ACL do we use?

Personally, I find this to be quite frustrating, and I would prefer to eliminate this mapping
entirely. I'd rather make the instance name the unique instance identifier ({{/accumulo/<instanceName>/}})
and eliminate the separate instance id. That would make this issue go away, because it'd be
clear that the ACL to use would be the one (and only one) instance uniquely identified by
that name. We could still have a unique id, to distinguish between two instances of the same
name, and even to find instances by id, but eliminating this mapping would mean that the id
could just be a child attribute of the znode instead ({{/accumulo/<instanceName>/<id>}}).

FWIW, Accumulo services themselves don't use the instanceName to look up the instance. The
risks here are how it affects clients.

> No write ACL set on /accumulo/instances/...
> -------------------------------------------
>
>                 Key: ACCUMULO-3557
>                 URL: https://issues.apache.org/jira/browse/ACCUMULO-3557
>             Project: Accumulo
>          Issue Type: Improvement
>          Components: zookeeper
>            Reporter: Josh Elser
>            Priority: Critical
>             Fix For: 1.7.0
>
>
> It's common for users to have four "arguments" to make a connection to Accumulo: zookeeper
quorum string, instance name, username and password.
> The instance name is used to find the instanceID using {{/accumulo/instances/...}} in
ZooKeeper. It appears that anyone can write in the {{/accumulo/instances}} ZNode. This seems
suspect, because any unauthenticated user can alter the state of ZooKeeper and break users
connecting to Accumulo or force them to connect to a different Accumulo instance.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message