From issues-return-1078-archive-asf-public=cust-asf.ponee.io@zookeeper.apache.org Fri Sep 6 15:44:13 2019 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [207.244.88.153]) by mx-eu-01.ponee.io (Postfix) with SMTP id 226FB180679 for ; Fri, 6 Sep 2019 17:44:12 +0200 (CEST) Received: (qmail 26501 invoked by uid 500); 7 Sep 2019 03:22:07 -0000 Mailing-List: contact issues-help@zookeeper.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@zookeeper.apache.org Delivered-To: mailing list issues@zookeeper.apache.org Received: (qmail 26320 invoked by uid 99); 7 Sep 2019 03:22:07 -0000 Received: from mailrelay1-us-west.apache.org (HELO mailrelay1-us-west.apache.org) (209.188.14.139) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 07 Sep 2019 03:22:07 +0000 Received: from jira-he-de.apache.org (static.172.67.40.188.clients.your-server.de [188.40.67.172]) by mailrelay1-us-west.apache.org (ASF Mail Server at mailrelay1-us-west.apache.org) with ESMTP id DA08BE3130 for ; Fri, 6 Sep 2019 15:44:06 +0000 (UTC) Received: from jira-he-de.apache.org (localhost.localdomain [127.0.0.1]) by jira-he-de.apache.org (ASF Mail Server at jira-he-de.apache.org) with ESMTP id 24FA778238F for ; Fri, 6 Sep 2019 15:44:03 +0000 (UTC) Date: Fri, 6 Sep 2019 15:44:03 +0000 (UTC) From: "Enrico Olivelli (Jira)" To: issues@zookeeper.apache.org Message-ID: In-Reply-To: References: Subject: [jira] [Updated] (ZOOKEEPER-2779) Add option to not set ACL for reconfig node MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-JIRA-FingerPrint: 30527f35849b9dde25b450d4833f0394 [ https://issues.apache.org/jira/browse/ZOOKEEPER-2779?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ] Enrico Olivelli updated ZOOKEEPER-2779: --------------------------------------- Fix Version/s: 3.5.7 > Add option to not set ACL for reconfig node > ------------------------------------------- > > Key: ZOOKEEPER-2779 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2779 > Project: ZooKeeper > Issue Type: Improvement > Components: server > Affects Versions: 3.5.3 > Reporter: Jordan Zimmerman > Assignee: Jordan Zimmerman > Priority: Major > Labels: pull-request-available > Fix For: 3.6.0, 3.5.6, 3.5.7 > > Time Spent: 0.5h > Remaining Estimate: 0h > > ZOOKEEPER-2014 changed the behavior of the /zookeeper/config node by setting the ACL to {{ZooDefs.Ids.READ_ACL_UNSAFE}}. This change makes it very cumbersome to use the reconfig APIs. It also, perversely, makes security worse as the entire ZooKeeper instance must be opened to "super" user while enabled reconfig (per {{ReconfigExceptionTest.java}}). Provide a mechanism for savvy users to disable this ACL so that an application-specific custom ACL can be set. -- This message was sent by Atlassian Jira (v8.3.2#803003)