Badai Aqrandista created KAFKA-7754:
---------------------------------------

Summary: zookeeper-security-migration.sh sets the root ZNode as world-readable
Key: KAFKA-7754
URL: https://issues.apache.org/jira/browse/KAFKA-7754
Project: Kafka
Issue Type: Bug
Components: security
Affects Versions: 2.0.1
Reporter: Badai Aqrandista

If I start the broker with {{zookeeper.set.acl=true}} from the first time I start the broker, the root ZNode is not set to be world-readable to allow other applications to share the Zookeeper ensemble with chroot.

But if I run {{zookeeper-security-migration.sh}} with {{--zookeeper.acl secure}}, the root ZNode becomes world-readable. Is this correct?

{noformat}
root@localhost:/# zookeeper-shell localhost:2181
Connecting to localhost:2181
Welcome to ZooKeeper!
JLine support is enabled
[zk: localhost:2181(CONNECTING) 0]
WATCHER::

WatchedEvent state:SyncConnected type:None path:null

WATCHER::

WatchedEvent state:SaslAuthenticated type:None path:null
[zk: localhost:2181(CONNECTED) 0] getAcl /
'world,'anyone : cdrwa
[zk: localhost:2181(CONNECTED) 1] getAcl /brokers
'world,'anyone : r
'sasl,'kafkabroker : cdrwa
[zk: localhost:2181(CONNECTED) 2] quit
Quitting...
root@localhost:/# zookeeper-security-migration --zookeeper.acl secure --zookeeper.connect localhost:2181
root@localhost:/# zookeeper-shell localhost:2181
Connecting to localhost:2181
Welcome to ZooKeeper!
JLine support is enabled
[zk: localhost:2181(CONNECTING) 0]
WATCHER::

WatchedEvent state:SyncConnected type:None path:null

WATCHER::

WatchedEvent state:SaslAuthenticated type:None path:null
[zk: localhost:2181(CONNECTED) 0] getAcl /
'world,'anyone : r
'sasl,'kafkabroker : cdrwa
[zk: localhost:2181(CONNECTED) 1] getAcl /brokers
'world,'anyone : r
'sasl,'kafkabroker : cdrwa
[zk: localhost:2181(CONNECTED) 2]
{noformat}

--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
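
For auditing what the migration tool changed, the following added example (not part of the original report and not Kafka or ZooKeeper code) parses `getAcl` output from two zookeeper-shell sessions and lists every ACL entry that differs. The sample transcripts are the two sessions from the report, trimmed; the function names `parse_getacl`, `fmt` and `diff_acls` are hypothetical.

```python
import re

# Constructed sample input: the two zookeeper-shell sessions from the report,
# trimmed to the getAcl commands and their output.
BEFORE = """\
[zk: localhost:2181(CONNECTED) 0] getAcl /
'world,'anyone : cdrwa
[zk: localhost:2181(CONNECTED) 1] getAcl /brokers
'world,'anyone : r
'sasl,'kafkabroker : cdrwa
[zk: localhost:2181(CONNECTED) 2] quit
"""
AFTER = """\
[zk: localhost:2181(CONNECTED) 0] getAcl /
'world,'anyone : r
'sasl,'kafkabroker : cdrwa
[zk: localhost:2181(CONNECTED) 1] getAcl /brokers
'world,'anyone : r
'sasl,'kafkabroker : cdrwa
"""

PROMPT = re.compile(r"\[zk: [^\]]*\] getAcl (\S+)")
# \s* also spans a line break, for shells that print ": perms" on its own line.
ENTRY = re.compile(r"'(\w+),'(\S+)\s*:\s*([cdrwa]+)")

def parse_getacl(transcript):
    """Return {path: {(scheme, id): set of permission letters}}."""
    parts = PROMPT.split(transcript)  # [preamble, path1, output1, path2, ...]
    return {path: {(s, i): frozenset(p) for s, i, p in ENTRY.findall(out)}
            for path, out in zip(parts[1::2], parts[2::2])}

def fmt(perms):
    """Render permissions in ZooKeeper's cdrwa order; '-' means no entry."""
    return "".join(c for c in "cdrwa" if c in perms) if perms else "-"

def diff_acls(before, after):
    """List (path, scheme, id, old, new) for each ACL entry that differs."""
    changes = []
    for path in sorted(set(before) | set(after)):
        b, a = before.get(path, {}), after.get(path, {})
        for who in sorted(set(b) | set(a)):
            if b.get(who) != a.get(who):
                changes.append((path, *who, fmt(b.get(who)), fmt(a.get(who))))
    return changes

if __name__ == "__main__":
    for path, scheme, ident, old, new in diff_acls(parse_getacl(BEFORE), parse_getacl(AFTER)):
        print(f"{path}: {scheme}:{ident} {old} -> {new}")
```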