[ https://issues.apache.org/jira/browse/ZOOKEEPER-3617?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
maoling updated ZOOKEEPER-3617: ------------------------------- Fix Version/s: 3.7.0 > ZK digest ACL permissions gets overridden > ----------------------------------------- > > Key: ZOOKEEPER-3617 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3617 > Project: ZooKeeper > Issue Type: Bug > Components: security, server > Affects Versions: 3.4.9, 3.5.5 > Reporter: Vrinda Davda > Assignee: maoling > Priority: Major > Fix For: 3.7.0 > > > I was able to add one user with /crdwa/ access. > The moment I add another user with read-only access- /r/. The first user - > /user1/ > gets overridden with read-only access. Please see the output below : > > {code:java} > WatchedEvent state:SyncConnected type:None path:null > [zk: localhost:2181(CONNECTED) 0] addauth digest user1:password1 > [zk: localhost:2181(CONNECTED) 1] setAcl /newznode auth:user1:password1:crwad > cZxid = 0xe > ctime = Thu Nov 07 13:29:43 IST 2019 > mZxid = 0xe > mtime = Thu Nov 07 13:29:43 IST 2019 > pZxid = 0xe > cversion = 0 > dataVersion = 0 > aclVersion = 1 > ephemeralOwner = 0x0 > dataLength = 8 > numChildren = 0 > [zk: localhost:2181(CONNECTED) 2] getAcl /newznode > 'digest,'user1:XDkd2dsEuhc9ImU3q8pa8UOdtpI= > : cdrwa > [zk: localhost:2181(CONNECTED) 3] addauth digest user2:password2 > [zk: localhost:2181(CONNECTED) 4] setAcl /newznode auth:user2:password2:r > cZxid = 0xe > ctime = Thu Nov 07 13:29:43 IST 2019 > mZxid = 0xe > mtime = Thu Nov 07 13:29:43 IST 2019 > pZxid = 0xe > cversion = 0 > dataVersion = 0 > aclVersion = 2 > ephemeralOwner = 0x0 > dataLength = 8 > numChildren = 0 > zk: localhost:2181(CONNECTED) 5] getAcl /newznode > 'digest,'user1:XDkd2dsEuhc9ImU3q8pa8UOdtpI= > : r > 'digest,'user2:lo/iTtNMP+gEZlpUNaCqLYO3i5U= > : r > {code} > > If setAcl for both the users at the same time. I get both users duplicated, > one with readonly and another with cdrwa permissions, as below: > > {code:java} > [zk: localhost:2181(CONNECTED) 1] getAcl /zk_test > 'world,'anyone > : cdrwa > [zk: localhost:2181(CONNECTED) 2] addauth digest user1:password1 > [zk: localhost:2181(CONNECTED) 3] addauth digest user2:password2 > [zk: localhost:2181(CONNECTED) 5] > setAcl /zk_test auth:user2:password2:r,auth:user1:password1:cdrwa > cZxid = 0x2 > ctime = Wed Nov 13 20:14:08 IST 2019 > mZxid = 0x2 > mtime = Wed Nov 13 20:14:08 IST 2019 > pZxid = 0x2 > cversion = 0 > dataVersion = 0 > aclVersion = 2 > ephemeralOwner = 0x0 > dataLength = 7 > numChildren = 0 > [zk: localhost:2181(CONNECTED) 7] getAcl /zk_test > 'digest,'user1:XDkd2dsEuhc9ImU3q8pa8UOdtpI= > : r > 'digest,'user2:lo/iTtNMP+gEZlpUNaCqLYO3i5U= > : r > 'digest,'user1:XDkd2dsEuhc9ImU3q8pa8UOdtpI= > : cdrwa > 'digest,'user2:lo/iTtNMP+gEZlpUNaCqLYO3i5U= > : cdrwa > {code} > -- This message was sent by Atlassian Jira (v8.3.4#803005)