[ https://issues.apache.org/jira/browse/HBASE-18323?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16098965#comment-16098965 ]
Josh Elser commented on HBASE-18323: ------------------------------------ Also, I'm only thinking about putting this on branch-1, branch-2, and master as it's only an irritation and not a bug. If anyone wants this on older branches, please speak up. > Remove multiple ACLs for the same user in kerberos > -------------------------------------------------- > > Key: HBASE-18323 > URL: https://issues.apache.org/jira/browse/HBASE-18323 > Project: HBase > Issue Type: Bug > Affects Versions: 1.2.0, 3.0.0 > Reporter: Shibin Zhang > Assignee: Shibin Zhang > Priority: Minor > Attachments: HBASE-18323.patch, HBASE-18323-V2.patch, > HBASE-18323-V3.patch, HBASE-18323-V4.patch > > > When deploy hbase in kerberos way ,there will be multiple acls in znode : > 'world,'anyone > : r > 'sasl,'hbase > : cdrwa > 'sasl,'hbase > : cdrwa > I also see the related issue and apply the patch, like > https://issues.apache.org/jira/browse/HBASE-17717 > but in my environment ,this situation still appear, > After dig into the code , i found the reason in source code ZKUtil.createAcl > is > if (zkw.isClientReadable(node)) { > LOG.error("isSecureZooKeeper user: clientReadable"); > acls.addAll(Ids.CREATOR_ALL_ACL); > acls.addAll(Ids.READ_ACL_UNSAFE); > } else { > LOG.error("isSecureZooKeeper user: clientReadable no"); > acls.addAll(Ids.CREATOR_ALL_ACL); > } > acls.addAll(Ids.CREATOR_ALL_ACL); > > Id AUTH_IDS = new Id("auth", ""); > ArrayList<ACL> CREATOR_ALL_ACL = new ArrayList(Collections.singletonList(new > ACL(31, AUTH_IDS))); > AUTH_IDS with "auth " will result current connection auth user add to > znode acl , > so it will appear multiple acls for same users. > I think this line of code we can remove : > acls.addAll(Ids.CREATOR_ALL_ACL); -- This message was sent by Atlassian JIRA (v6.4.14#64029)