You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@zookeeper.apache.org by "maoling (Jira)" <ji...@apache.org> on 2020/02/29 08:18:00 UTC
[jira] [Updated] (ZOOKEEPER-3617) ZK digest ACL permissions gets
overridden
[ https://issues.apache.org/jira/browse/ZOOKEEPER-3617?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
maoling updated ZOOKEEPER-3617:
-------------------------------
Component/s: server
> ZK digest ACL permissions gets overridden
> -----------------------------------------
>
> Key: ZOOKEEPER-3617
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3617
> Project: ZooKeeper
> Issue Type: Bug
> Components: security, server
> Affects Versions: 3.4.9, 3.5.5
> Reporter: Vrinda Davda
> Priority: Major
>
> I was able to add one user with /crdwa/ access.
> The moment I add another user with read-only access- /r/. The first user - /user1/
> gets overridden with read-only access. Please see the output below :
>
> {code:java}
> WatchedEvent state:SyncConnected type:None path:null
> [zk: localhost:2181(CONNECTED) 0] addauth digest user1:password1
> [zk: localhost:2181(CONNECTED) 1] setAcl /newznode
> auth:user1:password1:crdwa
> cZxid = 0xe
> ctime = Thu Nov 07 13:29:43 IST 2019
> mZxid = 0xe
> mtime = Thu Nov 07 13:29:43 IST 2019
> pZxid = 0xe
> cversion = 0
> dataVersion = 0
> aclVersion = 1
> ephemeralOwner = 0x0
> dataLength = 8
> numChildren = 0
> [zk: localhost:2181(CONNECTED) 2] getAcl /newznode
> 'digest,'user1:XDkd2dsEuhc9ImU3q8pa8UOdtpI=
> : cdrwa
> [zk: localhost:2181(CONNECTED) 3] addauth digest user2:password2
> [zk: localhost:2181(CONNECTED) 4] setAcl /newznode auth:user2:password2:r
> cZxid = 0xe
> ctime = Thu Nov 07 13:29:43 IST 2019
> mZxid = 0xe
> mtime = Thu Nov 07 13:29:43 IST 2019
> pZxid = 0xe
> cversion = 0
> dataVersion = 0
> aclVersion = 2
> ephemeralOwner = 0x0
> dataLength = 8
> numChildren = 0
> zk: localhost:2181(CONNECTED) 5] getAcl /newznode
> 'digest,'user1:XDkd2dsEuhc9ImU3q8pa8UOdtpI=
> : r
> 'digest,'user2:lo/iTtNMP+gEZlpUNaCqLYO3i5U=
> : r
> {code}
>
> If setAcl for both the users at the same time. I get both users duplicated, one with readonly and another with cdrwa permissions, as below:
>
> {code:java}
> [zk: localhost:2181(CONNECTED) 1] getAcl /zk_test
> 'world,'anyone
> : cdrwa
> [zk: localhost:2181(CONNECTED) 2] addauth digest user1:password1
> [zk: localhost:2181(CONNECTED) 3] addauth digest user2:password2
> [zk: localhost:2181(CONNECTED) 4] setAcl /newznode
> auth:user2:password2:r,auth:user1:password1:cdrwa
> Node does not exist: /newznode
> [zk: localhost:2181(CONNECTED) 5] setAcl /zk_test
> auth:user2:password2:r,auth:user1:password1:cdrwa
> cZxid = 0x2
> ctime = Wed Nov 13 20:14:08 IST 2019
> mZxid = 0x2
> mtime = Wed Nov 13 20:14:08 IST 2019
> pZxid = 0x2
> cversion = 0
> dataVersion = 0
> aclVersion = 2
> ephemeralOwner = 0x0
> dataLength = 7
> numChildren = 0
> [zk: localhost:2181(CONNECTED) 6] getAcl
> [zk: localhost:2181(CONNECTED) 7] getAcl /zk_test
> 'digest,'user1:XDkd2dsEuhc9ImU3q8pa8UOdtpI=
> : r
> 'digest,'user2:lo/iTtNMP+gEZlpUNaCqLYO3i5U=
> : r
> 'digest,'user1:XDkd2dsEuhc9ImU3q8pa8UOdtpI=
> : cdrwa
> 'digest,'user2:lo/iTtNMP+gEZlpUNaCqLYO3i5U=
> : cdrwa
> [zk: localhost:2181(CONNECTED) 8]
> {code}
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)