[jira] [Commented] (ZOOKEEPER-2591) The deletion of Container znode doesn't check ACL delete permission

Mohammad Arshad (JIRA) Mon, 03 Jul 2017 22:31:52 -0700

    [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-2591?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16073119#comment-16073119
 ]


Mohammad Arshad commented on ZOOKEEPER-2591:
--------------------------------------------

Adding  "node.stat.getCversion() > 0" check makes sense to me. anybody 
submitting patch? I will review it.

> The deletion of Container znode doesn't check ACL delete permission
> -------------------------------------------------------------------
>
>                 Key: ZOOKEEPER-2591
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2591
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: security, server
>            Reporter: Edward Ribeiro
>            Assignee: Edward Ribeiro
>
> Container nodes check the ACL before creation, but the deletion doesn't check 
>  the ACL rights. The code below succeeds even tough we removed ACL access 
> permissions for "/a".
> {code}
>         zk.create("/a", null, Ids.OPEN_ACL_UNSAFE, CreateMode.CONTAINER);
>         ArrayList<ACL> list = new ArrayList<>();
>         list.add(new ACL(0, Ids.ANYONE_ID_UNSAFE));
>         zk.setACL("/", list, -1);
>         zk.delete("/a", -1);
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Commented] (ZOOKEEPER-2591) The deletion of Container znode doesn't check ACL delete permission

Reply via email to