zookeeper-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Flavio Junqueira (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ZOOKEEPER-2779) Add option to not set ACL for reconfig node
Date Thu, 01 Jun 2017 14:25:04 GMT

    [ https://issues.apache.org/jira/browse/ZOOKEEPER-2779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16033055#comment-16033055
] 

Flavio Junqueira commented on ZOOKEEPER-2779:
---------------------------------------------

I'm sorry for jumping in late, but just so that I understand. If the problem is that we want
to give the application the ability of setting a specific ACL without having an initial window
of vulnerability, then would it be possible to have a parameter that sets that ACL rather
a parameter that skips the default? A parameter that skips the default works, but sounds a
bit hacky.

> Add option to not set ACL for reconfig node
> -------------------------------------------
>
>                 Key: ZOOKEEPER-2779
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2779
>             Project: ZooKeeper
>          Issue Type: Improvement
>          Components: server
>    Affects Versions: 3.5.3
>            Reporter: Jordan Zimmerman
>            Assignee: Jordan Zimmerman
>             Fix For: 3.5.4, 3.6.0
>
>
> ZOOKEEPER-2014 changed the behavior of the /zookeeper/config node by setting the ACL
to {{ZooDefs.Ids.READ_ACL_UNSAFE}}. This change makes it very cumbersome to use the reconfig
APIs. It also, perversely, makes security worse as the entire ZooKeeper instance must be opened
to "super" user while enabled reconfig (per {{ReconfigExceptionTest.java}}). Provide a mechanism
for savvy users to disable this ACL so that an application-specific custom ACL can be set.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message