zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benjamin Reed <br...@apache.org>
Subject Re: Acl block detete not working
Date Sat, 13 May 2017 08:30:01 GMT
please check out
http://zookeeper.apache.org/doc/r3.5.3-beta/zookeeperProgrammers.html#sc_ACLPermissions.
DELETE prevents deletion of children (like CREATE prevents the
creation of children). it does not prevent the deletion of the znode
itself.

ben

On Fri, May 12, 2017 at 10:53 PM, Edward Ribeiro
<edward.ribeiro@gmail.com> wrote:
> Hey, Joe and Martin,
>
> A quick explanation: the code Martin posted on the mailing list is the
> client side one. In those snippets the setACL is setting/changing the ACL
> so it needs to pass this in the call to the server: zk.setACL(path, acl,
> version). OTOH, the delete command doesn't need to pass the ACL credentials
> because those are already stored in the corresponding znode (or its parent)
> so it only needs to pass the path and version: zk.delete(path, version).
>
> What you really want to look at is here:
> https://github.com/apache/zookeeper/blob/branch-3.4/src/java/main/org/apache/zookeeper/server/PrepRequestProcessor.java#L392
>
> See? The delete is checking the ACL of the parent znode, but not the znode
> that we are trying to delete.
>
> Well, I opened a PR https://github.com/apache/zookeeper/pull/252 to see if
> we can fix this.
>
> Best regards,
> Edward
>
>
>
>
>
>
> On Tue, May 2, 2017 at 6:24 PM, joe smith <water4u99@yahoo.com.invalid>
> wrote:
>
>> Hi Martin,
>> Thanks for the reply.  I've create a bug report:
>> https://issues.apache.org/jira/browse/ZOOKEEPER-2772
>> Regards,-j
>>
>>
>>     On Tuesday, May 2, 2017 2:16 PM, Martin Gainty <mgainty@hotmail.com>
>> wrote:
>>
>>
>>  #yiv6303704777 #yiv6303704777 -- P {margin-top:0;margin-bottom:0;
>> }#yiv6303704777
>> From: joe smith <water4u99@yahoo.com.INVALID>
>> Sent: Tuesday, May 2, 2017 8:40 AM
>> To: user@zookeeper.apache.org
>> Subject: Acl block detete not working Hi,
>> I'm using 3.4.10 and setting custom aol to block deletion of a znode.
>> However, I'm able to delete the node even after I've set acl from cdrwa to
>> crwa.
>> Can anyone point out if I missed some step.
>> Thanks for the help
>>
>> Here is the trace:
>> [zk: localhost:2181(CONNECTED) 0] ls /
>> [zookeeper]
>>
>> [zk: localhost:2181(CONNECTED) 1] create /test "data"Created /test
>>
>> [zk: localhost:2181(CONNECTED) 2] ls /[zookeeper, test]
>>
>> [zk: localhost:2181(CONNECTED) 3] addauth myfqdn localhost
>> [zk: localhost:2181(CONNECTED) 4] setAcl /test myfqdn:localhost:cracZxid =
>> 0x2
>> ctime = Tue May 02 08:28:42 EDT 2017
>> mZxid = 0x2
>> mtime = Tue May 02 08:28:42 EDT 2017
>> pZxid = 0x2
>> cversion = 0
>> dataVersion = 0
>> aclVersion = 1
>> ephemeralOwner = 0x0
>> dataLength = 4
>> numChildren = 0
>>
>> MG>in SetAclCommand you can see the acl being parsed and acl being set by
>> setAcl into zk object
>>     List<ACL> acl = AclParser.parse(aclStr);        int version;        if
>> (cl.hasOption("v")) {            version = Integer.parseInt(cl.getOptionValue("v"));
>>       } else {            version = -1;        }        try {
>> Stat stat = zk.setACL(path, acl, version);
>> MG>later on in DeleteCommand there is no check for aforementioned acl
>> parameter   public boolean exec() throws KeeperException,
>> InterruptedException {        String path = args[1];        int version;
>>     if (cl.hasOption("v")) {            version = Integer.parseInt(cl.getOptionValue("v"));
>>       } else {            version = -1;        }                try {
>>   zk.delete(path, version);        } catch(KeeperException.BadVersionException
>> ex) {            err.println(ex.getMessage());        }        return false;
>> MG>as seen here the testCase works properly saving the Zookeeper object
>>  LsCommand entity = new LsCommand();        entity.setZk(zk);
>>
>> MG>but setACL does not save the zookeeper object anywhere but instead
>> seems to discard zookeeper object with accompanying ACLsMG>can you report
>> this bug to Zookeeper?
>> https://issues.apache.org/jira/browse/ZOOKEEPER/?
>> selectedTab=com.atlassian.jira.jira-projects-plugin:summary-panel
>>
>> | ZooKeeper - ASF JIRA - issues.apache.orgissues.apache.orgApache
>> ZooKeeper is a service for coordinating processes of distributed
>> applications. Versions: Unreleased. Name Release date; Unreleased 3.2.3 :
>> Unreleased 3.3.7 |
>>
>> MG>Thanks Joe!
>>
>> [zk: localhost:2181(CONNECTED) 5] getAcl /test'myfqdn,'localhost
>> : cra
>>
>> [zk: localhost:2181(CONNECTED) 6] get /testdata
>> cZxid = 0x2
>> ctime = Tue May 02 08:28:42 EDT 2017
>> mZxid = 0x2
>> mtime = Tue May 02 08:28:42 EDT 2017
>> pZxid = 0x2
>> cversion = 0
>> dataVersion = 0
>> aclVersion = 1
>> ephemeralOwner = 0x0
>> dataLength = 4
>> numChildren = 0
>>
>> [zk: localhost:2181(CONNECTED) 7] set /test "testwrite"Authentication is
>> not valid : /test
>>
>> [zk: localhost:2181(CONNECTED) 8] delete /test
>> [zk: localhost:2181(CONNECTED) 9] ls /[zookeeper]
>>
>> [zk: localhost:2181(CONNECTED) 10]
>> The auth provider imple is here: http://s000.tinyupload.com/?
>> file_id=42827186839577179157
>> | TinyUpload.com - best file hosting solution, with no limits, totaly
>> frees000.tinyupload.comTinyUpload.com - solution for tiny file hosting.
>> No download limits, no upload limit. Totaly free. |
>>
>>
>>
>>
>>
>>
>>
>> |   |
>>
>>
>>
>>
>>

Mime
View raw message