Excuse me, should have looked first on docs. Interesting behaviour...
Thanks Ben!

On May 13, 2017 5:30 AM, "Benjamin Reed" <[email protected]> wrote:

please check out
http://zookeeper.apache.org/doc/r3.5.3-beta/zookeeperProgrammers.html#sc_ACLPermissions.
DELETE prevents deletion of children (like CREATE prevents the creation of
children). it does not prevent the deletion of the znode itself.

ben

On Fri, May 12, 2017 at 10:53 PM, Edward Ribeiro <[email protected]> wrote:

> Hey, Joe and Martin,
>
> A quick explanation: the code Martin posted on the mailing list is the
> client side one. In those snippets the setACL is setting/changing the ACL
> so it needs to pass this in the call to the server: zk.setACL(path, acl,
> version). OTOH, the delete command doesn't need to pass the ACL credentials
> because those are already stored in the corresponding znode (or its parent)
> so it only needs to pass the path and version: zk.delete(path, version).
>
> What you really want to look at is here:
> https://github.com/apache/zookeeper/blob/branch-3.4/src/java/main/org/apache/zookeeper/server/PrepRequestProcessor.java#L392
>
> See? The delete is checking the ACL of the parent znode, but not the znode
> that we are trying to delete.
>
> Well, I opened a PR https://github.com/apache/zookeeper/pull/252 to see if
> we can fix this.
>
> Best regards,
> Edward
>
> On Tue, May 2, 2017 at 6:24 PM, joe smith <[email protected]>
> wrote:
>
>> Hi Martin,
>> Thanks for the reply. I've created a bug report:
>> https://issues.apache.org/jira/browse/ZOOKEEPER-2772
>> Regards, -j
>>
>>
>> On Tuesday, May 2, 2017 2:16 PM, Martin Gainty <[email protected]>
>> wrote:
>>
>>
>> From: joe smith <[email protected]>
>> Sent: Tuesday, May 2, 2017 8:40 AM
>> To: [email protected]
>> Subject: Acl block delete not working
>>
>> Hi,
>> I'm using 3.4.10 and setting custom acl to block deletion of a znode.
>> However, I'm able to delete the node even after I've set acl from cdrwa to
>> crwa.
>> Can anyone point out if I missed some step.
>> Thanks for the help
>>
>> Here is the trace:
>> [zk: localhost:2181(CONNECTED) 0] ls /
>> [zookeeper]
>>
>> [zk: localhost:2181(CONNECTED) 1] create /test "data"
>> Created /test
>>
>> [zk: localhost:2181(CONNECTED) 2] ls /
>> [zookeeper, test]
>>
>> [zk: localhost:2181(CONNECTED) 3] addauth myfqdn localhost
>> [zk: localhost:2181(CONNECTED) 4] setAcl /test myfqdn:localhost:cra
>> cZxid = 0x2
>> ctime = Tue May 02 08:28:42 EDT 2017
>> mZxid = 0x2
>> mtime = Tue May 02 08:28:42 EDT 2017
>> pZxid = 0x2
>> cversion = 0
>> dataVersion = 0
>> aclVersion = 1
>> ephemeralOwner = 0x0
>> dataLength = 4
>> numChildren = 0
>>
>> MG>in SetAclCommand you can see the acl being parsed and acl being set by
>> setAcl into zk object
>>     List<ACL> acl = AclParser.parse(aclStr);
>>     int version;
>>     if (cl.hasOption("v")) {
>>         version = Integer.parseInt(cl.getOptionValue("v"));
>>     } else {
>>         version = -1;
>>     }
>>     try {
>>         Stat stat = zk.setACL(path, acl, version);
>> MG>later on in DeleteCommand there is no check for aforementioned acl
>> parameter
>>     public boolean exec() throws KeeperException, InterruptedException {
>>         String path = args[1];
>>         int version;
>>         if (cl.hasOption("v")) {
>>             version = Integer.parseInt(cl.getOptionValue("v"));
>>         } else {
>>             version = -1;
>>         }
>>         try {
>>             zk.delete(path, version);
>>         } catch(KeeperException.BadVersionException ex) {
>>             err.println(ex.getMessage());
>>         }
>>         return false;
>> MG>as seen here the testCase works properly saving the Zookeeper object
>>     LsCommand entity = new LsCommand();
>>     entity.setZk(zk);
>>
>> MG>but setACL does not save the zookeeper object anywhere but instead
>> seems to discard zookeeper object with accompanying ACLs
>> MG>can you report this bug to Zookeeper?
>> https://issues.apache.org/jira/browse/ZOOKEEPER/?selectedTab=com.atlassian.jira.jira-projects-plugin:summary-panel
>>
>> MG>Thanks Joe!
>>
>> [zk: localhost:2181(CONNECTED) 5] getAcl /test
>> 'myfqdn,'localhost
>> : cra
>>
>> [zk: localhost:2181(CONNECTED) 6] get /test
>> data
>> cZxid = 0x2
>> ctime = Tue May 02 08:28:42 EDT 2017
>> mZxid = 0x2
>> mtime = Tue May 02 08:28:42 EDT 2017
>> pZxid = 0x2
>> cversion = 0
>> dataVersion = 0
>> aclVersion = 1
>> ephemeralOwner = 0x0
>> dataLength = 4
>> numChildren = 0
>>
>> [zk: localhost:2181(CONNECTED) 7] set /test "testwrite"
>> Authentication is not valid : /test
>>
>> [zk: localhost:2181(CONNECTED) 8] delete /test
>> [zk: localhost:2181(CONNECTED) 9] ls /
>> [zookeeper]
>>
>> [zk: localhost:2181(CONNECTED) 10]
>> The auth provider impl is here:
>> http://s000.tinyupload.com/?file_id=42827186839577179157
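The permission rule described in this thread (CREATE and DELETE are checked against the parent's ACL, WRITE and ADMIN against the znode's own), replayed against Joe's session in a small Python model. This is an added example, not ZooKeeper code and not from anyone in the thread; `Tree`, `perms` and `replay` are hypothetical names, and only the permission bit values follow ZooKeeper's `ZooDefs.Perms`.

```python
# Simplified model of the ACL checks discussed in this thread; not ZooKeeper code.
# Bit values follow ZooDefs.Perms; Tree, perms and replay are hypothetical names.
PERMS = {"r": 1, "w": 2, "c": 4, "d": 8, "a": 16}
WORLD = ("world", "anyone")

def perms(letters):  # zkCli-style string such as 'cra' -> bitmask
    return sum(PERMS[ch] for ch in set(letters))

class Tree:
    def __init__(self):
        # path -> list of ((scheme, id), mask); the root starts world-open.
        self.acls = {"/": [(WORLD, perms("cdrwa"))]}

    def _do(self, check_path, perm, auths, action=lambda: None):
        """Run action only if an ACL entry on check_path grants perm to the session."""
        ok = any(mask & PERMS[perm] and (ident == WORLD or ident in auths)
                 for ident, mask in self.acls[check_path])
        if ok:
            action()
        return "OK" if ok else "NoAuth"

    def _parent(self, path):
        return path.rsplit("/", 1)[0] or "/"

    def create(self, path, acl, auths=()):   # CREATE is checked on the parent
        return self._do(self._parent(path), "c", auths, lambda: self.acls.update({path: acl}))

    def set_acl(self, path, acl, auths=()):  # ADMIN is checked on the znode itself
        return self._do(path, "a", auths, lambda: self.acls.update({path: acl}))

    def set_data(self, path, auths=()):      # WRITE is checked on the znode itself
        return self._do(path, "w", auths)

    def delete(self, path, auths=()):        # DELETE is checked on the parent only
        return self._do(self._parent(path), "d", auths, lambda: self.acls.pop(path))

def replay():
    """Joe's session, then the same delete after 'd' is removed from the parent."""
    me = ("myfqdn", "localhost")  # constructed identity, as in `addauth myfqdn localhost`
    t, open_acl = Tree(), [(WORLD, perms("cdrwa"))]
    return [
        t.create("/test", open_acl),
        t.set_acl("/test", [(me, perms("cra"))], {me}),
        t.set_data("/test", {me}),                 # NoAuth: /test has no 'w'
        t.delete("/test", {me}),                   # OK: "/" still grants 'd'
        t.create("/test", open_acl),
        t.set_acl("/", [(WORLD, perms("crwa"))]),  # drop 'd' on the parent
        t.delete("/test", {me}),                   # NoAuth: /test is now protected
    ]
```

In the model, as in the trace, removing `d` from `/test` changes nothing for `/test` itself; the delete is refused only once the parent's ACL stops granting `d`.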
