[ https://issues.apache.org/jira/browse/ZOOKEEPER-2591?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16072626#comment-16072626 ]
Edward Ribeiro commented on ZOOKEEPER-2591: ------------------------------------------- Cool, got it. It is the only edge case previously described and your solution is nice. Excuse me for disturbing the talk with a spurious example. > The deletion of Container znode doesn't check ACL delete permission > ------------------------------------------------------------------- > > Key: ZOOKEEPER-2591 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2591 > Project: ZooKeeper > Issue Type: Bug > Components: security, server > Reporter: Edward Ribeiro > Assignee: Edward Ribeiro > > Container nodes check the ACL before creation, but the deletion doesn't check > the ACL rights. The code below succeeds even tough we removed ACL access > permissions for "/a". > {code} > zk.create("/a", null, Ids.OPEN_ACL_UNSAFE, CreateMode.CONTAINER); > ArrayList<ACL> list = new ArrayList<>(); > list.add(new ACL(0, Ids.ANYONE_ID_UNSAFE)); > zk.setACL("/", list, -1); > zk.delete("/a", -1); > {code} -- This message was sent by Atlassian JIRA (v6.4.14#64029)