You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zookeeper.apache.org by "allengao (JIRA)" <ji...@apache.org> on 2011/01/12 12:25:46 UTC
[jira] Updated: (ZOOKEEPER-964) How to avoid dead nodes generated?
These nodes can't be deleted because there parent don't have delete and
setacl permission.
[ https://issues.apache.org/jira/browse/ZOOKEEPER-964?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
allengao updated ZOOKEEPER-964:
-------------------------------
Attachment: AclTest4ZKGroup.cpp
This .cpp tests the issue. If we do like this:
1) create a node with open acl for anyone
2) set its acl with permits=0x18 which means "--cwr", don't have setacl and delete permits.
3) create a child node for this node
result: we can't delete the child node, and also can't change acl of its parent node. Even we can't do this using SuperDigest, beacause the method checkACL check perm before whether it is SuperDigest.
static void checkACL(ZooKeeperServer zks, List<ACL> acl, int perm,List<Id> ids) throws KeeperException.NoAuthException
{
if (skipACL)
{
return;
}
if (acl == null || acl.size() == 0)
{
return;
}
for (ACL a : acl)
{
Id id = a.getId();
if ((a.getPerms() & perm) != 0)
{
if (id.getScheme().equals("world")
&& id.getId().equals("anyone"))
{
return;
}
AuthenticationProvider ap = ProviderRegistry.getProvider(id
.getScheme());
if (ap != null)
{
for (Id authId : ids)
{
if (authId.getScheme().equals("super"))
{
return;
}
if (authId.getScheme().equals(id.getScheme())
&& ap.matches(authId.getId(), id.getId()))
{
return;
}
}
}
}
}
throw new KeeperException.NoAuthException();
}
advice: whether we can judge SuperDigest before permits match? By doing this, we can modify acls of any nodes use SuperDigest.
> How to avoid dead nodes generated? These nodes can't be deleted because there parent don't have delete and setacl permission.
> -----------------------------------------------------------------------------------------------------------------------------
>
> Key: ZOOKEEPER-964
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-964
> Project: ZooKeeper
> Issue Type: Wish
> Components: server
> Affects Versions: 3.3.2
> Environment: i686-suse-linux
> Reporter: allengao
> Fix For: 3.4.0
>
> Attachments: AclTest4ZKGroup.cpp
>
> Original Estimate: 336h
> Remaining Estimate: 336h
>
> When a node which do not have setacl and delete permission was created (eg. permits=0x01), its children will never be deleted, even use superDigest。So, how to avoid this situation?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.