[
https://issues.apache.org/jira/browse/HBASE-12641?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14248192#comment-14248192
]
Liu Shaohui commented on HBASE-12641:
-------------------------------------
[~apurtell]
{quote}
Why the 'if (!node.startsWith(zkw.baseZNode))' shortcut?
{quote}
See HBASE-7258: HBase will create the baseZNode recursively if the parent node
does not exist.
if zookeeper.znode.parent is /service/hbase/, we don't want set acl on node
/service when hbase creates this node.
So we add this shortcut.
> Grant all permissions of hbase zookeeper node to hbase superuser in a secure
> cluster
> ------------------------------------------------------------------------------------
>
> Key: HBASE-12641
> URL: https://issues.apache.org/jira/browse/HBASE-12641
> Project: HBase
> Issue Type: Improvement
> Components: Zookeeper
> Reporter: Liu Shaohui
> Assignee: Liu Shaohui
> Priority: Minor
> Fix For: 1.0.0
>
> Attachments: HBASE-12641-v1.diff
>
>
> Currently in a secure cluster, only the master/regionserver kerberos user can
> manage the znode of hbase. But he master/regionserver kerberos user is for
> rpc connection and we usually use another super user to manage the cluster.
> In some special scenarios, we need to manage the data of znode with the
> supper user.
> eg:
> a, To get the data of the znode for debugging.
> b, HBASE-8253: We need to delete the znode for the corrupted hlog to avoid it
> block the replication.
> So we grant all permissions of hbase zookeeper node to hbase superuser during
> creating these znodes.
> Suggestions are welcomed.
> [~apurtell]
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
