You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zookeeper.apache.org by "allengao (JIRA)" <ji...@apache.org> on 2010/12/27 04:26:45 UTC
[jira] Created: (ZOOKEEPER-964) How to avoid dead nodes generated?
These nodes can't be deleted because there parent don't have delete and
setacl permission.
How to avoid dead nodes generated? These nodes can't be deleted because there parent don't have delete and setacl permission.
-----------------------------------------------------------------------------------------------------------------------------
Key: ZOOKEEPER-964
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-964
Project: ZooKeeper
Issue Type: Wish
Components: server
Affects Versions: 3.3.2
Environment: i686-suse-linux
Reporter: allengao
Fix For: 3.4.0
When a node which do not have setacl and delete permission was created (eg. permits=0x01), its children will never be deleted, even use superDigest。So, how to avoid this situation?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Updated: (ZOOKEEPER-964) How to avoid dead nodes generated?
These nodes can't be deleted because there parent don't have delete and
setacl permission.
Posted by "allengao (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/ZOOKEEPER-964?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
allengao updated ZOOKEEPER-964:
-------------------------------
Attachment: AclTest4ZKGroup.cpp
This .cpp tests the issue. If we do like this:
1) create a node with open acl for anyone
2) set its acl with permits=0x18 which means "--cwr", don't have setacl and delete permits.
3) create a child node for this node
result: we can't delete the child node, and also can't change acl of its parent node. Even we can't do this using SuperDigest, beacause the method checkACL check perm before whether it is SuperDigest.
static void checkACL(ZooKeeperServer zks, List<ACL> acl, int perm,List<Id> ids) throws KeeperException.NoAuthException
{
if (skipACL)
{
return;
}
if (acl == null || acl.size() == 0)
{
return;
}
for (ACL a : acl)
{
Id id = a.getId();
if ((a.getPerms() & perm) != 0)
{
if (id.getScheme().equals("world")
&& id.getId().equals("anyone"))
{
return;
}
AuthenticationProvider ap = ProviderRegistry.getProvider(id
.getScheme());
if (ap != null)
{
for (Id authId : ids)
{
if (authId.getScheme().equals("super"))
{
return;
}
if (authId.getScheme().equals(id.getScheme())
&& ap.matches(authId.getId(), id.getId()))
{
return;
}
}
}
}
}
throw new KeeperException.NoAuthException();
}
advice: whether we can judge SuperDigest before permits match? By doing this, we can modify acls of any nodes use SuperDigest.
> How to avoid dead nodes generated? These nodes can't be deleted because there parent don't have delete and setacl permission.
> -----------------------------------------------------------------------------------------------------------------------------
>
> Key: ZOOKEEPER-964
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-964
> Project: ZooKeeper
> Issue Type: Wish
> Components: server
> Affects Versions: 3.3.2
> Environment: i686-suse-linux
> Reporter: allengao
> Fix For: 3.4.0
>
> Attachments: AclTest4ZKGroup.cpp
>
> Original Estimate: 336h
> Remaining Estimate: 336h
>
> When a node which do not have setacl and delete permission was created (eg. permits=0x01), its children will never be deleted, even use superDigest。So, how to avoid this situation?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (ZOOKEEPER-964) How to avoid dead nodes
generated? These nodes can't be deleted because there parent don't have
delete and setacl permission.
Posted by "Mahadev konar (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/ZOOKEEPER-964?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12976913#action_12976913 ]
Mahadev konar commented on ZOOKEEPER-964:
-----------------------------------------
allen,
Can you provide a test program? Shouldnt you be able to change acl again on the node and then be able to delete the children?
> How to avoid dead nodes generated? These nodes can't be deleted because there parent don't have delete and setacl permission.
> -----------------------------------------------------------------------------------------------------------------------------
>
> Key: ZOOKEEPER-964
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-964
> Project: ZooKeeper
> Issue Type: Wish
> Components: server
> Affects Versions: 3.3.2
> Environment: i686-suse-linux
> Reporter: allengao
> Fix For: 3.4.0
>
> Original Estimate: 336h
> Remaining Estimate: 336h
>
> When a node which do not have setacl and delete permission was created (eg. permits=0x01), its children will never be deleted, even use superDigest。So, how to avoid this situation?
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.