You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@zookeeper.apache.org by "Edward Ribeiro (JIRA)" <ji...@apache.org> on 2016/09/19 14:37:20 UTC

[jira] [Updated] (ZOOKEEPER-2591) The deletion of Container znode doesn't check ACL delete permission

     [ https://issues.apache.org/jira/browse/ZOOKEEPER-2591?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Edward Ribeiro updated ZOOKEEPER-2591:
--------------------------------------
    Description: 
Container nodes check the ACL before creation, but the deletion doesn't check  the ACL rights. The code below succeeds even tough we removed ACL access permissions for "/a".

{code}
        zk.create("/a", null, Ids.OPEN_ACL_UNSAFE, CreateMode.CONTAINER);
        ArrayList<ACL> list = new ArrayList<>();
        list.add(new ACL(0, Ids.ANYONE_ID_UNSAFE));
        zk.setACL("/", list, -1);

        zk.delete("/a", -1);
{code}

  was:
Container nodes check the ACL before creation, but the deletion doesn't check  the ACL rights. The code below succeeds even tough we removed ACL access permissions for "/a".

{code}
        zk.create("/a", null, Ids.OPEN_ACL_UNSAFE, CreateMode.CONTAINER);
        ArrayList<ACL> list = new ArrayList<>();
        list.add(new ACL(0, Ids.ANYONE_ID_UNSAFE));
        zk.setACL("/a", list, -1);

        zk.delete("/a", -1);
{code}


> The deletion of Container znode doesn't check ACL delete permission
> -------------------------------------------------------------------
>
>                 Key: ZOOKEEPER-2591
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2591
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: security, server
>            Reporter: Edward Ribeiro
>            Assignee: Edward Ribeiro
>
> Container nodes check the ACL before creation, but the deletion doesn't check  the ACL rights. The code below succeeds even tough we removed ACL access permissions for "/a".
> {code}
>         zk.create("/a", null, Ids.OPEN_ACL_UNSAFE, CreateMode.CONTAINER);
>         ArrayList<ACL> list = new ArrayList<>();
>         list.add(new ACL(0, Ids.ANYONE_ID_UNSAFE));
>         zk.setACL("/", list, -1);
>         zk.delete("/a", -1);
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)