You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hbase.apache.org by "Hudson (JIRA)" <ji...@apache.org> on 2015/12/09 18:27:11 UTC

[jira] [Commented] (HBASE-14425) In Secure Zookeeper cluster superuser will not have sufficient permission if multiple values are configured in "hbase.superuser"

    [ https://issues.apache.org/jira/browse/HBASE-14425?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15049015#comment-15049015 ] 

Hudson commented on HBASE-14425:
--------------------------------

SUCCESS: Integrated in HBase-0.98-matrix #271 (See [https://builds.apache.org/job/HBase-0.98-matrix/271/])
HBASE-14425 In Secure Zookeeper cluster superuser will not have (apurtell: rev 33ecfc3b59f96d691186517b1ab6d8cf548360a3)
* hbase-client/src/test/java/org/apache/hadoop/hbase/zookeeper/TestZKUtil.java
* hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java
* hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZooKeeperWatcher.java
* hbase-it/src/test/java/org/apache/hadoop/hbase/test/IntegrationTestZKAndFSPermissions.java


> In Secure Zookeeper cluster superuser will not have sufficient permission if multiple values are configured in "hbase.superuser"
> --------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HBASE-14425
>                 URL: https://issues.apache.org/jira/browse/HBASE-14425
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Pankaj Kumar
>            Assignee: Pankaj Kumar
>             Fix For: 2.0.0, 1.2.0, 1.3.0, 0.98.17
>
>         Attachments: HBASE-14425-V2.patch, HBASE-14425-V2.patch, HBASE-14425.patch
>
>
> During master intialization we are setting ACLs for the znodes.
> In ZKUtil.createACL(ZooKeeperWatcher zkw, String node, boolean isSecureZooKeeper),
> {code}
>       String superUser = zkw.getConfiguration().get("hbase.superuser");
>       ArrayList<ACL> acls = new ArrayList<ACL>();
>       // add permission to hbase supper user
>       if (superUser != null) {
>         acls.add(new ACL(Perms.ALL, new Id("auth", superUser)));
>       }
> {code}
> Here we are directly setting "hbase.superuser" value to Znode which will cause an issue when multiple values are configured. In "hbase.superuser" multiple superusers and supergroups can be configured separated by comma. We need to iterate them and set ACL.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)