lucene-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ishan Chattopadhyaya (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SOLR-8792) ZooKeeper ACL not restricting access to zkcli
Date Wed, 27 Apr 2016 18:33:12 GMT

    [ https://issues.apache.org/jira/browse/SOLR-8792?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15260688#comment-15260688
] 

Ishan Chattopadhyaya commented on SOLR-8792:
--------------------------------------------

Can someone please review and commit this? Without this fix, ACL support is broken from user
perspective. I think this should also be backported to 5x, and possibly be included in 5.5.1.


Here's a video demonstration of the fix and the steps above (which should be documented in
the ref guide): https://www.youtube.com/watch?v=Sl9R_cVI27o

> ZooKeeper ACL not restricting access to zkcli
> ---------------------------------------------
>
>                 Key: SOLR-8792
>                 URL: https://issues.apache.org/jira/browse/SOLR-8792
>             Project: Solr
>          Issue Type: Bug
>          Components: Authentication, documentation
>    Affects Versions: 5.0
>            Reporter: Esther Quansah
>              Labels: acl, authentication, security, zkcli, zkcli.sh, zookeeper
>         Attachments: SOLR-8792.patch
>
>
> The documentation presented here: https://cwiki.apache.org/confluence/display/solr/ZooKeeper+Access+Control
> details the process of securing Solr content in ZooKeeper using ACLs. In the example
usages, it is mentioned that access to zkcli can be restricted by adding credentials to the
zkcli.sh script in addition to adding the appropriate classnames to solr.xml. With the scripts
in zkcli.sh, another machine should not be able to read or write from the host ZK without
the necessary credentials. At this time, machines are able to read/write from the host ZK
with or without these credentials.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org


Mime
View raw message