You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@zookeeper.apache.org by "Edward Ribeiro (JIRA)" <ji...@apache.org> on 2016/09/18 01:52:20 UTC

[jira] [Created] (ZOOKEEPER-2590) setACL doesn't affect exists() operation

Edward Ribeiro created ZOOKEEPER-2590:
-----------------------------------------

             Summary: setACL doesn't affect exists() operation
                 Key: ZOOKEEPER-2590
                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2590
             Project: ZooKeeper
          Issue Type: Bug
            Reporter: Edward Ribeiro


As hinted  [here|https://github.com/apache/zookeeper/blob/master/src/java/main/org/apache/zookeeper/server/FinalRequestProcessor.java#L298], even if a parent znode path has restricted READ access it's possible to issue an exists() operation on any child znode of that given path.

 For example, the snippet below doesn't throw {{NoAuthExceptio}}, even tough it removes ACL rights to "/":

{code}
        zk.create("/a", null, Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT);
        ArrayList<ACL> acls = new ArrayList<>();
        acls.add(new ACL(0, Ids.ANYONE_ID_UNSAFE));

        zk.setACL("/", acls, -1);

        Stat r = zk.exists("/a", false);
{code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)