Date: Fri, 7 Feb 2014 16:48:22 +0000 (UTC)
From: "Robert Joseph Evans (JIRA)"
To: dev@storm.incubator.apache.org
Subject: [jira] [Created] (STORM-224) Storm should use stricter ACLs whin zookeeper

Robert Joseph Evans created STORM-224:
-----------------------------------------

Summary: Storm should use stricter ACLs whin zookeeper
Key: STORM-224
URL: https://issues.apache.org/jira/browse/STORM-224
Project: Apache Storm (Incubating)
Issue Type: Sub-task
Reporter: Robert Joseph Evans

In a standalone environment, Storm stores everything wide open in ZK. We really should lock this down with ACLs so that individual topologies cannot modify data that the Storm system uses, and so that other topologies cannot modify/interfere with each other.

The current code from Yahoo will generate a random username/password for each topology that is launched. This works great for most topologies, but for Trident topologies, because they store long-lived data in ZK, the user has to keep the credentials around themselves. We would love to switch ZK access over to use a forwarded TGT, but have not finished the work to do this yet.

--
This message was sent by Atlassian JIRA (v6.1.5#6160)
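
The per-topology credential scheme described in the issue, as an added illustration (not code from Storm or from Yahoo): a small Python model of ZooKeeper's `digest` ACL scheme that puts a wide-open znode ACL beside one restricted to its own topology. The credential naming, the `storm-system` identity and the `allowed` check are assumptions made for the example.

```python
import base64
import hashlib
import secrets

# ZooKeeper permission bits, as defined in ZooDefs.Perms.
READ, WRITE, CREATE, DELETE, ADMIN = 1, 2, 4, 8, 16
ALL = READ | WRITE | CREATE | DELETE | ADMIN

# The "wide open" state the issue describes: anyone may do anything.
OPEN_ACL_UNSAFE = [("world", "anyone", ALL)]


def digest_id(user, password):
    """ACL id for the digest scheme: user:base64(sha1("user:password"))."""
    raw = hashlib.sha1(f"{user}:{password}".encode()).digest()
    return f"{user}:{base64.b64encode(raw).decode()}"


def new_topology_credentials(topology_id):
    """Random username/password for one topology (naming is hypothetical)."""
    return f"{topology_id}-{secrets.token_hex(4)}", secrets.token_urlsafe(32)


def topology_acl(user, password, system_id):
    """ACL for a topology's znodes: that topology plus the system identity.

    Including a system identity is an assumption of this example.
    """
    return [("digest", digest_id(user, password), ALL),
            ("digest", system_id, ALL)]


def allowed(acl, auth, perm):
    """Model of the server-side check.

    `auth` lists the (user, password) pairs a client presented via
    digest authentication; `perm` is the permission bit being requested.
    """
    presented = {digest_id(u, p) for u, p in auth}
    for scheme, ident, perms in acl:
        matches = (scheme == "world" and ident == "anyone") or \
                  (scheme == "digest" and ident in presented)
        if matches and perms & perm:
            return True
    return False
```

Because the ACL stores only the hash, a topology that loses its random password cannot regain access to its own znodes, which is why long-lived Trident state forces the user to keep the credentials.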