[ https://issues.apache.org/jira/browse/CASSANDRA-11755?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Paulo Motta updated CASSANDRA-11755:
------------------------------------
    Status: Ready to Commit  (was: Patch Available)

> nodetool info should run with "readonly" jmx access
> ---------------------------------------------------
>
>                 Key: CASSANDRA-11755
>                 URL: https://issues.apache.org/jira/browse/CASSANDRA-11755
>             Project: Cassandra
>          Issue Type: Improvement
>          Components: Observability
>            Reporter: Jérôme Mainaud
>            Priority: Minor
>              Labels: security
>             Fix For: 2.1.14
>
>         Attachments: 11755-2.1.patch, nodetool-info-exception-when-readonly.txt
>
>
> nodetool info crashes when granted readonly jmx access.
> In the example given in the attachment, the jmxremote.access file gives readonly
> access to the cassandra jmx role.
> When the role is granted readwrite access, everything works.
> The main reason is that node datacenter and rack info are fetched by an
> operation invocation instead of by an attribute read. The former is not
> allowed to the role with readonly access.
> This is a security concern because nodetool info could be called by a
> monitoring agent (Nagios for instance) and enterprise policies often don't
> allow these agents to connect to JMX with higher privileges than "readonly".

--
This message was sent by Atlassian JIRA (v6.3.4#6332)
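
The attribute-versus-operation distinction from the issue description, as an added example that is not Cassandra's code or the attached patch. `SnitchInfoMBean`, the `example:type=SnitchInfo` name and the `readonly()` wrapper are hypothetical; the wrapper is a simplified stand-in for the check the JMX agent applies to a role listed as `readonly` in jmxremote.access.

```java
import java.lang.management.ManagementFactory;
import java.lang.reflect.InvocationTargetException;
import java.lang.reflect.Proxy;
import java.util.Arrays;
import java.util.List;
import javax.management.MBeanServer;
import javax.management.MBeanServerConnection;
import javax.management.ObjectName;
import javax.management.StandardMBean;

public class ReadonlyJmxDemo {
    // Hypothetical MBean exposing the same value two ways.
    public interface SnitchInfoMBean {
        String getDatacenter();            // attribute "Datacenter": read via getAttribute()
        String getDatacenter(String host); // has a parameter, so it is an operation: needs invoke()
    }
    public static class SnitchInfo implements SnitchInfoMBean {
        public String getDatacenter() { return "dc1"; }
        public String getDatacenter(String host) { return "dc1"; }
    }

    // Subset of the calls a readonly role is refused (assumption: enough for this demo).
    static final List<String> DENIED = Arrays.asList("invoke", "setAttribute", "setAttributes");

    // Wraps a server so it behaves like a connection authenticated with a readonly role.
    static MBeanServerConnection readonly(MBeanServer target) {
        return (MBeanServerConnection) Proxy.newProxyInstance(
            ReadonlyJmxDemo.class.getClassLoader(),
            new Class<?>[] { MBeanServerConnection.class },
            (proxy, method, args) -> {
                if (DENIED.contains(method.getName()))
                    throw new SecurityException("readonly role may not call " + method.getName());
                try { return method.invoke(target, args); }
                catch (InvocationTargetException e) { throw e.getCause(); }
            });
    }

    public static void main(String[] argv) throws Exception {
        MBeanServer server = ManagementFactory.getPlatformMBeanServer();
        ObjectName name = new ObjectName("example:type=SnitchInfo"); // constructed name
        server.registerMBean(new StandardMBean(new SnitchInfo(), SnitchInfoMBean.class), name);
        MBeanServerConnection conn = readonly(server);
        System.out.println("attribute read: " + conn.getAttribute(name, "Datacenter"));
        try {
            conn.invoke(name, "getDatacenter", new Object[] { "127.0.0.1" }, new String[] { "java.lang.String" });
        } catch (SecurityException e) {
            System.out.println("operation denied: " + e.getMessage());
        }
    }
}
```

A monitoring client that only calls `getAttribute` keeps working under the readonly role, which is why exposing values as no-argument getters lets the agent stay at the lowest privilege level.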