You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@zookeeper.apache.org by "neha (JIRA)" <ji...@apache.org> on 2016/09/20 13:15:20 UTC
[jira] [Updated] (ZOOKEEPER-2595) znode created with acl enabled on
it can be deleted by any unauthorised user, when it has no child znodes
[ https://issues.apache.org/jira/browse/ZOOKEEPER-2595?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
neha updated ZOOKEEPER-2595:
----------------------------
Description:
user1 sets ACL on one znode for user 2
example :
create /xyz data sasl:user2/xyz@XYZ.COM:cdr
now user3 can login to zkCli and delete /xyz if it has no children nodes, even when it does not have access
was:
user1 sets ACL on one znode for user 2
example :
<code>
create /xyz data sasl:user2/xyz@XYZ.COM:cdr
</code>
now user3 can login to zkCli and delete /xyz if it has no children nodes, even when it does not have access
> znode created with acl enabled on it can be deleted by any unauthorised user, when it has no child znodes
> ---------------------------------------------------------------------------------------------------------
>
> Key: ZOOKEEPER-2595
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2595
> Project: ZooKeeper
> Issue Type: Bug
> Reporter: neha
>
> user1 sets ACL on one znode for user 2
> example :
> create /xyz data sasl:user2/xyz@XYZ.COM:cdr
> now user3 can login to zkCli and delete /xyz if it has no children nodes, even when it does not have access
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)