zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benjamin Reed <br...@yahoo-inc.com>
Subject "Fixing" ZooDefs.PERMS.ALL
Date Tue, 16 Jun 2009 19:07:51 GMT
We have discovered that there is a bug in ZooDefs.PERMS.ALL: it is 
missing ZooDefs.PERMS.ADMIN, thus it isn't really ALL :) The problem is 
that the C binding includes ADMIN in ALL, so we have an inconsistency 
between the two bindings. We would like to fix this as a bug fix in the 
next release, but it does change behavior, so we wanted to run in by the 
list to get our users' opinions.

To understand the behavioral change let me first remind you that the 
ADMIN permission is only used with the setACL operation. Normally, 
developers use PERMS.ALL indirectly by using ids.OPEN_ACL_UNSAFE. So, 
doing zk.create(path, data, Ids.OPEN_ACL_UNSAFE, flags) will create a
znode for which no one will have the ability to change the ACL, ie call 
setACL. If we fix this, everyone will be able to change the ACL of the 
znode, which corresponds to the behavior of using OPEN_ACL_UNSAFE with 
the C binding.

(Note: nodes that were previously created with OPEN_ACL_UNSAFE or 
PERMS.ALL, will not be affected since these are just client side macros.)

Thoughts? Suggestions?



View raw message