[
https://issues.apache.org/jira/browse/ACCUMULO-3557?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14303544#comment-14303544
]
Josh Elser commented on ACCUMULO-3557:
--------------------------------------
Yup, we can't restrict writes on the parent node (/accumulo/instances) for the
reason you outlined, but we would want to restrict write access to each child
(/accumulo/instances/$instancename). Sorry that I was not clear enough with my
ellipsis :)
> No write ACL set on /accumulo/instances/...
> -------------------------------------------
>
> Key: ACCUMULO-3557
> URL: https://issues.apache.org/jira/browse/ACCUMULO-3557
> Project: Accumulo
> Issue Type: Improvement
> Components: zookeeper
> Reporter: Josh Elser
> Priority: Critical
> Fix For: 1.7.0
>
>
> It's common for users to have four "arguments" to make a connection to
> Accumulo: zookeeper quorum string, instance name, username and password.
> The instance name is used to find the instanceID using
> {{/accumulo/instances/...}} in ZooKeeper. It appears that anyone can write in
> the {{/accumulo/instances}} ZNode. This seems suspect, because any
> unauthenticated user can alter the state of ZooKeeper and break users
> connecting to Accumulo or force them to connect to a different Accumulo
> instance.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
