Edward Ribeiro created ZOOKEEPER-2591: -----------------------------------------
Summary: The deletion of Container znode doesn't check ACL delete permission Key: ZOOKEEPER-2591 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2591 Project: ZooKeeper Issue Type: Bug Components: security, server Reporter: Edward Ribeiro Assignee: Edward Ribeiro Container nodes check the ACL before creation, but the deletion doesn't check the ACL rights. The code below succeeds even tough we removed ACL access permissions for "/a". {code} zk.create("/a", null, Ids.OPEN_ACL_UNSAFE, CreateMode.CONTAINER); ArrayList<ACL> list = new ArrayList<>(); list.add(new ACL(0, Ids.ANYONE_ID_UNSAFE)); zk.setACL("/a", list, -1); zk.delete("/a", -1); {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)