[ https://issues.apache.org/jira/browse/ZOOKEEPER-2591?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16079263#comment-16079263 ]
Jordan Zimmerman commented on ZOOKEEPER-2591: --------------------------------------------- I think preventing deleteContainer from clients is the best bet. We could even have a class of opcodes that are marked "internal only". > The deletion of Container znode doesn't check ACL delete permission > ------------------------------------------------------------------- > > Key: ZOOKEEPER-2591 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2591 > Project: ZooKeeper > Issue Type: Bug > Components: security, server > Reporter: Edward Ribeiro > Assignee: Edward Ribeiro > > Container nodes check the ACL before creation, but the deletion doesn't check > the ACL rights. The code below succeeds even tough we removed ACL access > permissions for "/a". > {code} > zk.create("/a", null, Ids.OPEN_ACL_UNSAFE, CreateMode.CONTAINER); > ArrayList<ACL> list = new ArrayList<>(); > list.add(new ACL(0, Ids.ANYONE_ID_UNSAFE)); > zk.setACL("/", list, -1); > zk.delete("/a", -1); > {code} -- This message was sent by Atlassian JIRA (v6.4.14#64029)