You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zookeeper.apache.org by "allengao (JIRA)" <ji...@apache.org> on 2010/12/27 04:26:45 UTC

[jira] Created: (ZOOKEEPER-964) How to avoid dead nodes generated? These nodes can't be deleted because there parent don't have delete and setacl permission.

How to avoid dead nodes generated? These nodes can't be deleted because there parent don't have delete and setacl permission.
-----------------------------------------------------------------------------------------------------------------------------

                 Key: ZOOKEEPER-964
                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-964
             Project: ZooKeeper
          Issue Type: Wish
          Components: server
    Affects Versions: 3.3.2
         Environment: i686-suse-linux
            Reporter: allengao
             Fix For: 3.4.0


When a node which do not have setacl and delete permission was created (eg. permits=0x01), its children will never be deleted, even use superDigest。So, how to avoid this situation?

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Updated: (ZOOKEEPER-964) How to avoid dead nodes generated? These nodes can't be deleted because there parent don't have delete and setacl permission.

Posted by "allengao (JIRA)" <ji...@apache.org>.
     [ https://issues.apache.org/jira/browse/ZOOKEEPER-964?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

allengao updated ZOOKEEPER-964:
-------------------------------

    Attachment: AclTest4ZKGroup.cpp

This .cpp tests the issue. If we do like this: 
1) create a node with open acl for anyone 
2) set its acl with permits=0x18 which means "--cwr", don't have setacl and delete permits.
3) create a child node for this node
result: we can't delete the child node, and also can't change  acl of its parent node. Even we can't do this using SuperDigest, beacause the method checkACL check perm before whether it is SuperDigest.

static void checkACL(ZooKeeperServer zks, List<ACL> acl, int perm,List<Id> ids) throws KeeperException.NoAuthException
	{
		if (skipACL)
		{
			return;
		}
		if (acl == null || acl.size() == 0)
		{
			return;
		}
		for (ACL a : acl)
		{
			Id id = a.getId();
			if ((a.getPerms() & perm) != 0)
			{
				if (id.getScheme().equals("world")
					&& id.getId().equals("anyone"))
				{
					return;
				}
				AuthenticationProvider ap = ProviderRegistry.getProvider(id
					.getScheme());
				if (ap != null)
				{
					for (Id authId : ids)
					{
						if (authId.getScheme().equals("super"))
						{
							return;
						}
						if (authId.getScheme().equals(id.getScheme())
							&& ap.matches(authId.getId(), id.getId()))
						{
							return;
						}
					}
				}
			}
		}
		throw new KeeperException.NoAuthException();
	}

advice: whether we can judge SuperDigest before permits match? By doing this, we can modify acls of any nodes use SuperDigest.

> How to avoid dead nodes generated? These nodes can't be deleted because there parent don't have delete and setacl permission.
> -----------------------------------------------------------------------------------------------------------------------------
>
>                 Key: ZOOKEEPER-964
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-964
>             Project: ZooKeeper
>          Issue Type: Wish
>          Components: server
>    Affects Versions: 3.3.2
>         Environment: i686-suse-linux
>            Reporter: allengao
>             Fix For: 3.4.0
>
>         Attachments: AclTest4ZKGroup.cpp
>
>   Original Estimate: 336h
>  Remaining Estimate: 336h
>
> When a node which do not have setacl and delete permission was created (eg. permits=0x01), its children will never be deleted, even use superDigest。So, how to avoid this situation?

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.

[jira] Commented: (ZOOKEEPER-964) How to avoid dead nodes generated? These nodes can't be deleted because there parent don't have delete and setacl permission.

Posted by "Mahadev konar (JIRA)" <ji...@apache.org>.
    [ https://issues.apache.org/jira/browse/ZOOKEEPER-964?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12976913#action_12976913 ] 

Mahadev konar commented on ZOOKEEPER-964:
-----------------------------------------

allen,
 Can you provide a test program? Shouldnt you be able to change acl again on the node and then be able to delete the children?

> How to avoid dead nodes generated? These nodes can't be deleted because there parent don't have delete and setacl permission.
> -----------------------------------------------------------------------------------------------------------------------------
>
>                 Key: ZOOKEEPER-964
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-964
>             Project: ZooKeeper
>          Issue Type: Wish
>          Components: server
>    Affects Versions: 3.3.2
>         Environment: i686-suse-linux
>            Reporter: allengao
>             Fix For: 3.4.0
>
>   Original Estimate: 336h
>  Remaining Estimate: 336h
>
> When a node which do not have setacl and delete permission was created (eg. permits=0x01), its children will never be deleted, even use superDigest。So, how to avoid this situation?

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.