[jira] [Commented] (ZOOKEEPER-2779) Add option to not set ACL for reconfig node

ASF GitHub Bot (JIRA) Tue, 09 May 2017 07:23:26 -0700

    [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-2779?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16002757#comment-16002757
 ]


ASF GitHub Bot commented on ZOOKEEPER-2779:
-------------------------------------------

GitHub user Randgalt opened a pull request:

    https://github.com/apache/zookeeper/pull/249

    [ZOOKEEPER-2779] Branch 3.5 backport

    Branch 3.5 backport of https://github.com/apache/zookeeper/pull/248

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/Randgalt/zookeeper ZOOKEEPER-2779-3.5

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/zookeeper/pull/249.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #249
    
----
commit 5b59ee2e2cbcc65a76b76cf4fc5f0b6c6a92a980
Author: randgalt <jor...@jordanzimmerman.com>
Date:   2017-05-09T14:12:41Z

    Provide a means to disable setting of the Read Only ACL for the reconfig 
node added in ZOOKEEPER-2014. That change made it very cumbersome to use the 
reconfig feature and also could worsen security as the entire ZK database is 
open to "super" user while the reconfig node is being changed (the only 
possible method as of ZOOKEEPER-2014).

----


> Add option to not set ACL for reconfig node
> -------------------------------------------
>
>                 Key: ZOOKEEPER-2779
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2779
>             Project: ZooKeeper
>          Issue Type: Improvement
>          Components: server
>    Affects Versions: 3.5.3
>            Reporter: Jordan Zimmerman
>            Assignee: Jordan Zimmerman
>             Fix For: 3.5.4, 3.6.0
>
>
> ZOOKEEPER-2014 changed the behavior of the /zookeeper/config node by setting 
> the ACL to {{ZooDefs.Ids.READ_ACL_UNSAFE}}. This change makes it very 
> cumbersome to use the reconfig APIs. It also, perversely, makes security 
> worse as the ZooKeeper instance must be opened to "super" user while enabled 
> reconfig (per {{ReconfigExceptionTest.java}}). Provide a mechanism for savvy 
> users to disable this ACL so that an application-specific custom ACL can be 
> set.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

[jira] [Commented] (ZOOKEEPER-2779) Add option to not set ACL for reconfig node

Reply via email to