zookeeper-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jordan Zimmerman (JIRA)" <j...@apache.org>
Subject [jira] [Created] (ZOOKEEPER-2779) Add option to not set ACL for reconfig node
Date Tue, 09 May 2017 14:04:04 GMT
Jordan Zimmerman created ZOOKEEPER-2779:

             Summary: Add option to not set ACL for reconfig node
                 Key: ZOOKEEPER-2779
                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2779
             Project: ZooKeeper
          Issue Type: Improvement
          Components: server
    Affects Versions: 3.5.3
            Reporter: Jordan Zimmerman
            Assignee: Jordan Zimmerman
             Fix For: 3.5.4, 3.6.0

ZOOKEEPER-2014 changed the behavior of the /zookeeper/config node by setting the ACL to {{ZooDefs.Ids.READ_ACL_UNSAFE}}.
This change makes it very cumbersome to use the reconfig APIs. It also, perversely, makes
security worse as the ZooKeeper instance must be opened to "super" user while enabled reconfig
(per {{ReconfigExceptionTest.java}}). Provide a mechanism for savvy users to disable this
ACL so that an application-specific custom ACL can be set.

This message was sent by Atlassian JIRA

View raw message