hbase-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Andrew Purtell (JIRA)" <j...@apache.org>
Subject [jira] [Reopened] (HBASE-13769) Some ZK ACLs are unnecessarily permissive
Date Tue, 26 May 2015 20:33:28 GMT

     [ https://issues.apache.org/jira/browse/HBASE-13769?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Andrew Purtell reopened HBASE-13769:
------------------------------------

bq. - table/ : I think this is needed to be world readable since clients check the table status
in locate region in Connection (to check if table is disabled)
This should not be allowed. Any client API that does this can be fixed to query meta or ask
the master. Agree we can handle this as a separate case.
bq. - rs/      : ZooKeeperRegistry uses it. And my understanding is that ConnectionImpl.getCurrentNrHRS()
uses it. Seems like this should instead work over getClusterStatus() instead of this.
This should not be allowed. Any client API that does this should be fixed to ask the master.
Also agree this can be a separate issue.
bq. - backup-masters/   : I could not find why this is needed to be client-visible.
Let's handle on HBASE-13768
bq.  - region-in-transition/ : I could not find why this is needed to be client-visible
Let's handle on HBASE-13768


> Some ZK ACLs are unnecessarily permissive
> -----------------------------------------
>
>                 Key: HBASE-13769
>                 URL: https://issues.apache.org/jira/browse/HBASE-13769
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Andrew Purtell
>            Priority: Critical
>
> Some ZK ACLs are unnecessarily permissive. We can remove permissions for 'world' on backup-masters/,
region-in-transition/, rs/, and table/.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message