[
https://issues.apache.org/jira/browse/ACCUMULO-3557?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14303527#comment-14303527
]
Mike Drob commented on ACCUMULO-3557:
-------------------------------------
Who would be authorized to write here?
If there are multiple instances sharing the same zookeeper (which I think is
crazy-talk, but we support it) then it's not like a single instance secret is
authoratative enough to make changes. Maybe the best we can do is just place an
ACL on each individual znode and leave {{/instances}} open.
> No write ACL set on /accumulo/instances/...
> -------------------------------------------
>
> Key: ACCUMULO-3557
> URL: https://issues.apache.org/jira/browse/ACCUMULO-3557
> Project: Accumulo
> Issue Type: Improvement
> Components: zookeeper
> Reporter: Josh Elser
> Priority: Critical
> Fix For: 1.7.0
>
>
> It's common for users to have four "arguments" to make a connection to
> Accumulo: zookeeper quorum string, instance name, username and password.
> The instance name is used to find the instanceID using
> {{/accumulo/instances/...}} in ZooKeeper. It appears that anyone can write in
> the {{/accumulo/instances}} ZNode. This seems suspect, because any
> unauthenticated user can alter the state of ZooKeeper and break users
> connecting to Accumulo or force them to connect to a different Accumulo
> instance.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
