zookeeper-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Mohammad Arshad (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (ZOOKEEPER-2591) The deletion of Container znode doesn't check ACL delete permission
Date Tue, 04 Jul 2017 05:31:00 GMT

    [ https://issues.apache.org/jira/browse/ZOOKEEPER-2591?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16073119#comment-16073119
] 

Mohammad Arshad commented on ZOOKEEPER-2591:
--------------------------------------------

Adding  "node.stat.getCversion() > 0" check makes sense to me. anybody submitting patch?
I will review it.

> The deletion of Container znode doesn't check ACL delete permission
> -------------------------------------------------------------------
>
>                 Key: ZOOKEEPER-2591
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2591
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: security, server
>            Reporter: Edward Ribeiro
>            Assignee: Edward Ribeiro
>
> Container nodes check the ACL before creation, but the deletion doesn't check  the ACL
rights. The code below succeeds even tough we removed ACL access permissions for "/a".
> {code}
>         zk.create("/a", null, Ids.OPEN_ACL_UNSAFE, CreateMode.CONTAINER);
>         ArrayList<ACL> list = new ArrayList<>();
>         list.add(new ACL(0, Ids.ANYONE_ID_UNSAFE));
>         zk.setACL("/", list, -1);
>         zk.delete("/a", -1);
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message