hbase-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shibin Zhang (JIRA)" <j...@apache.org>
Subject [jira] [Created] (HBASE-18323) Remove multiple ACLs for the same user in kerberos
Date Wed, 05 Jul 2017 06:55:00 GMT
Shibin Zhang created HBASE-18323:

             Summary: Remove multiple ACLs for the same user in kerberos
                 Key: HBASE-18323
                 URL: https://issues.apache.org/jira/browse/HBASE-18323
             Project: HBase
          Issue Type: Bug
    Affects Versions: 3.0.0
            Reporter: Shibin Zhang
            Priority: Critical

When deploy hbase in kerberos way ,there will be multiple acls in znode :
: r
: cdrwa
: cdrwa

I also see the related issue and apply the patch, like  https://issues.apache.org/jira/browse/HBASE-17717

but in my environment ,this situation still appear,

After dig into the code , i found the reason in source code  ZKUtil.createAcl  is

 if (zkw.isClientReadable(node)) {
        LOG.error("isSecureZooKeeper user: clientReadable");
      } else {
        LOG.error("isSecureZooKeeper user: clientReadable no");

  Id AUTH_IDS = new Id("auth", "");

ArrayList<ACL> CREATOR_ALL_ACL = new ArrayList(Collections.singletonList(new ACL(31,

AUTH_IDS   with  "auth " will result  current connection auth user  add to znode acl ,
so it will appear multiple acls for same users.

I think this line of code  we can remove  :  acls.addAll(Ids.CREATOR_ALL_ACL);   

This message was sent by Atlassian JIRA

View raw message