You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@cassandra.apache.org by "Jérôme Mainaud (JIRA)" <ji...@apache.org> on 2016/05/11 21:54:12 UTC

[jira] [Created] (CASSANDRA-11755) nodetool info should run with "readonly" jmx access

Jérôme Mainaud created CASSANDRA-11755:
------------------------------------------

             Summary: nodetool info should run with "readonly" jmx access
                 Key: CASSANDRA-11755
                 URL: https://issues.apache.org/jira/browse/CASSANDRA-11755
             Project: Cassandra
          Issue Type: Improvement
          Components: Observability
            Reporter: Jérôme Mainaud
         Attachments: nodetool-info-exception-when-readonly.txt

nodetool info crash when granted with readonly jmx access

In the example given in attachment, the jmxremote.access file gives readonly access to the cassandra jmx role.

When the role is granted to readwrite access, everything works.

The main reason is that node datacenter and rack info are fetched by an operation invocation instead of by an attribute read. The former one is not allowed to the role with readonly access.

This is a security concern because nodetool info could be called by a monitoring agent (Nagios for instance) and enterprise policy often don't allow these agents to connect to JMX with higher privileges than "readonly".



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)