accumulo-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Keith Turner (JIRA)" <>
Subject [jira] [Commented] (ACCUMULO-3557) No write ACL set on /accumulo/instances/...
Date Thu, 05 Feb 2015 17:38:37 GMT


Keith Turner commented on ACCUMULO-3557:

For any changes made, it would be nice to preserve the current behavior that clients started
before init will fail after init.  This helps avoid following situation which is problematic.
 Currently the client write will fail because the instance id is different.

 * Client_1 starts using instance name foo (instance id:8)
 * Client_1 starts writing to table bar (table id 7)
 * 1 week passes
 * Accumulo is shutdown, deleted and reinitialized with name foo, new instance id is 9
 * Create table bar (table id 4)
 * Create table bigt3 (table id 7)
 * Client_1 starts writing to bigt3 (instead of bar)

> No write ACL set on /accumulo/instances/...
> -------------------------------------------
>                 Key: ACCUMULO-3557
>                 URL:
>             Project: Accumulo
>          Issue Type: Improvement
>          Components: zookeeper
>            Reporter: Josh Elser
>            Priority: Critical
>             Fix For: 1.7.0
> It's common for users to have four "arguments" to make a connection to Accumulo: zookeeper
quorum string, instance name, username and password.
> The instance name is used to find the instanceID using {{/accumulo/instances/...}} in
ZooKeeper. It appears that anyone can write in the {{/accumulo/instances}} ZNode. This seems
suspect, because any unauthenticated user can alter the state of ZooKeeper and break users
connecting to Accumulo or force them to connect to a different Accumulo instance.

This message was sent by Atlassian JIRA

View raw message