[
https://issues.apache.org/jira/browse/ZOOKEEPER-3617?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
maoling updated ZOOKEEPER-3617:
-------------------------------
Description:
I was able to add one user with /crdwa/ access.
The moment I add another user with read-only access- /r/. The first user -
/user1/
gets overridden with read-only access. Please see the output below :
{code:java}
WatchedEvent state:SyncConnected type:None path:null
[zk: localhost:2181(CONNECTED) 0] addauth digest user1:password1
[zk: localhost:2181(CONNECTED) 1] setAcl /newznode auth:user1:password1:crwad
cZxid = 0xe
ctime = Thu Nov 07 13:29:43 IST 2019
mZxid = 0xe
mtime = Thu Nov 07 13:29:43 IST 2019
pZxid = 0xe
cversion = 0
dataVersion = 0
aclVersion = 1
ephemeralOwner = 0x0
dataLength = 8
numChildren = 0
[zk: localhost:2181(CONNECTED) 2] getAcl /newznode
'digest,'user1:XDkd2dsEuhc9ImU3q8pa8UOdtpI=
: cdrwa
[zk: localhost:2181(CONNECTED) 3] addauth digest user2:password2
[zk: localhost:2181(CONNECTED) 4] setAcl /newznode auth:user2:password2:r
cZxid = 0xe
ctime = Thu Nov 07 13:29:43 IST 2019
mZxid = 0xe
mtime = Thu Nov 07 13:29:43 IST 2019
pZxid = 0xe
cversion = 0
dataVersion = 0
aclVersion = 2
ephemeralOwner = 0x0
dataLength = 8
numChildren = 0
zk: localhost:2181(CONNECTED) 5] getAcl /newznode
'digest,'user1:XDkd2dsEuhc9ImU3q8pa8UOdtpI=
: r
'digest,'user2:lo/iTtNMP+gEZlpUNaCqLYO3i5U=
: r
{code}
If setAcl for both the users at the same time. I get both users duplicated, one
with readonly and another with cdrwa permissions, as below:
{code:java}
[zk: localhost:2181(CONNECTED) 1] getAcl /zk_test
'world,'anyone
: cdrwa
[zk: localhost:2181(CONNECTED) 2] addauth digest user1:password1
[zk: localhost:2181(CONNECTED) 3] addauth digest user2:password2
[zk: localhost:2181(CONNECTED) 5]
setAcl /zk_test auth:user2:password2:r,auth:user1:password1:cdrwa
cZxid = 0x2
ctime = Wed Nov 13 20:14:08 IST 2019
mZxid = 0x2
mtime = Wed Nov 13 20:14:08 IST 2019
pZxid = 0x2
cversion = 0
dataVersion = 0
aclVersion = 2
ephemeralOwner = 0x0
dataLength = 7
numChildren = 0
[zk: localhost:2181(CONNECTED) 7] getAcl /zk_test
'digest,'user1:XDkd2dsEuhc9ImU3q8pa8UOdtpI=
: r
'digest,'user2:lo/iTtNMP+gEZlpUNaCqLYO3i5U=
: r
'digest,'user1:XDkd2dsEuhc9ImU3q8pa8UOdtpI=
: cdrwa
'digest,'user2:lo/iTtNMP+gEZlpUNaCqLYO3i5U=
: cdrwa
{code}
was:
I was able to add one user with /crdwa/ access.
The moment I add another user with read-only access- /r/. The first user -
/user1/
gets overridden with read-only access. Please see the output below :
{code:java}
WatchedEvent state:SyncConnected type:None path:null
[zk: localhost:2181(CONNECTED) 0] addauth digest user1:password1
[zk: localhost:2181(CONNECTED) 1] setAcl /newznode auth:user1:password1:crwad
auth:user1:password1:crdwa
cZxid = 0xe
ctime = Thu Nov 07 13:29:43 IST 2019
mZxid = 0xe
mtime = Thu Nov 07 13:29:43 IST 2019
pZxid = 0xe
cversion = 0
dataVersion = 0
aclVersion = 1
ephemeralOwner = 0x0
dataLength = 8
numChildren = 0
[zk: localhost:2181(CONNECTED) 2] getAcl /newznode
'digest,'user1:XDkd2dsEuhc9ImU3q8pa8UOdtpI=
: cdrwa
[zk: localhost:2181(CONNECTED) 3] addauth digest user2:password2
[zk: localhost:2181(CONNECTED) 4] setAcl /newznode auth:user2:password2:r
cZxid = 0xe
ctime = Thu Nov 07 13:29:43 IST 2019
mZxid = 0xe
mtime = Thu Nov 07 13:29:43 IST 2019
pZxid = 0xe
cversion = 0
dataVersion = 0
aclVersion = 2
ephemeralOwner = 0x0
dataLength = 8
numChildren = 0
zk: localhost:2181(CONNECTED) 5] getAcl /newznode
'digest,'user1:XDkd2dsEuhc9ImU3q8pa8UOdtpI=
: r
'digest,'user2:lo/iTtNMP+gEZlpUNaCqLYO3i5U=
: r
{code}
If setAcl for both the users at the same time. I get both users duplicated, one
with readonly and another with cdrwa permissions, as below:
{code:java}
[zk: localhost:2181(CONNECTED) 1] getAcl /zk_test
'world,'anyone
: cdrwa
[zk: localhost:2181(CONNECTED) 2] addauth digest user1:password1
[zk: localhost:2181(CONNECTED) 3] addauth digest user2:password2
[zk: localhost:2181(CONNECTED) 4] setAcl /newznode
auth:user2:password2:r,auth:user1:password1:cdrwa
Node does not exist: /newznode
[zk: localhost:2181(CONNECTED) 5] setAcl /zk_test
auth:user2:password2:r,auth:user1:password1:cdrwa
cZxid = 0x2
ctime = Wed Nov 13 20:14:08 IST 2019
mZxid = 0x2
mtime = Wed Nov 13 20:14:08 IST 2019
pZxid = 0x2
cversion = 0
dataVersion = 0
aclVersion = 2
ephemeralOwner = 0x0
dataLength = 7
numChildren = 0
[zk: localhost:2181(CONNECTED) 6] getAcl
[zk: localhost:2181(CONNECTED) 7] getAcl /zk_test
'digest,'user1:XDkd2dsEuhc9ImU3q8pa8UOdtpI=
: r
'digest,'user2:lo/iTtNMP+gEZlpUNaCqLYO3i5U=
: r
'digest,'user1:XDkd2dsEuhc9ImU3q8pa8UOdtpI=
: cdrwa
'digest,'user2:lo/iTtNMP+gEZlpUNaCqLYO3i5U=
: cdrwa
[zk: localhost:2181(CONNECTED) 8]
{code}
> ZK digest ACL permissions gets overridden
> -----------------------------------------
>
> Key: ZOOKEEPER-3617
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3617
> Project: ZooKeeper
> Issue Type: Bug
> Components: security, server
> Affects Versions: 3.4.9, 3.5.5
> Reporter: Vrinda Davda
> Assignee: maoling
> Priority: Major
>
> I was able to add one user with /crdwa/ access.
> The moment I add another user with read-only access- /r/. The first user -
> /user1/
> gets overridden with read-only access. Please see the output below :
>
> {code:java}
> WatchedEvent state:SyncConnected type:None path:null
> [zk: localhost:2181(CONNECTED) 0] addauth digest user1:password1
> [zk: localhost:2181(CONNECTED) 1] setAcl /newznode auth:user1:password1:crwad
> cZxid = 0xe
> ctime = Thu Nov 07 13:29:43 IST 2019
> mZxid = 0xe
> mtime = Thu Nov 07 13:29:43 IST 2019
> pZxid = 0xe
> cversion = 0
> dataVersion = 0
> aclVersion = 1
> ephemeralOwner = 0x0
> dataLength = 8
> numChildren = 0
> [zk: localhost:2181(CONNECTED) 2] getAcl /newznode
> 'digest,'user1:XDkd2dsEuhc9ImU3q8pa8UOdtpI=
> : cdrwa
> [zk: localhost:2181(CONNECTED) 3] addauth digest user2:password2
> [zk: localhost:2181(CONNECTED) 4] setAcl /newznode auth:user2:password2:r
> cZxid = 0xe
> ctime = Thu Nov 07 13:29:43 IST 2019
> mZxid = 0xe
> mtime = Thu Nov 07 13:29:43 IST 2019
> pZxid = 0xe
> cversion = 0
> dataVersion = 0
> aclVersion = 2
> ephemeralOwner = 0x0
> dataLength = 8
> numChildren = 0
> zk: localhost:2181(CONNECTED) 5] getAcl /newznode
> 'digest,'user1:XDkd2dsEuhc9ImU3q8pa8UOdtpI=
> : r
> 'digest,'user2:lo/iTtNMP+gEZlpUNaCqLYO3i5U=
> : r
> {code}
>
> If setAcl for both the users at the same time. I get both users duplicated,
> one with readonly and another with cdrwa permissions, as below:
>
> {code:java}
> [zk: localhost:2181(CONNECTED) 1] getAcl /zk_test
> 'world,'anyone
> : cdrwa
> [zk: localhost:2181(CONNECTED) 2] addauth digest user1:password1
> [zk: localhost:2181(CONNECTED) 3] addauth digest user2:password2
> [zk: localhost:2181(CONNECTED) 5]
> setAcl /zk_test auth:user2:password2:r,auth:user1:password1:cdrwa
> cZxid = 0x2
> ctime = Wed Nov 13 20:14:08 IST 2019
> mZxid = 0x2
> mtime = Wed Nov 13 20:14:08 IST 2019
> pZxid = 0x2
> cversion = 0
> dataVersion = 0
> aclVersion = 2
> ephemeralOwner = 0x0
> dataLength = 7
> numChildren = 0
> [zk: localhost:2181(CONNECTED) 7] getAcl /zk_test
> 'digest,'user1:XDkd2dsEuhc9ImU3q8pa8UOdtpI=
> : r
> 'digest,'user2:lo/iTtNMP+gEZlpUNaCqLYO3i5U=
> : r
> 'digest,'user1:XDkd2dsEuhc9ImU3q8pa8UOdtpI=
> : cdrwa
> 'digest,'user2:lo/iTtNMP+gEZlpUNaCqLYO3i5U=
> : cdrwa
> {code}
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
