You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@zookeeper.apache.org by "Chelambarasan (Jira)" <ji...@apache.org> on 2020/10/14 07:00:00 UTC
[jira] [Commented] (ZOOKEEPER-3617) ZK digest ACL permissions gets
overridden
[ https://issues.apache.org/jira/browse/ZOOKEEPER-3617?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17213668#comment-17213668 ]
Chelambarasan commented on ZOOKEEPER-3617:
------------------------------------------
[~maoling], Could you please let us know if the issue is fixed?
> ZK digest ACL permissions gets overridden
> -----------------------------------------
>
> Key: ZOOKEEPER-3617
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-3617
> Project: ZooKeeper
> Issue Type: Bug
> Components: security, server
> Affects Versions: 3.4.9, 3.5.5
> Reporter: Vrinda Davda
> Assignee: maoling
> Priority: Major
> Labels: pull-request-available
> Fix For: 3.7.0
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> I was able to add one user with /crdwa/ access.
> The moment I add another user with read-only access- /r/. The first user - /user1/
> gets overridden with read-only access. Please see the output below :
>
> {code:java}
> WatchedEvent state:SyncConnected type:None path:null
> [zk: localhost:2181(CONNECTED) 0] addauth digest user1:password1
> [zk: localhost:2181(CONNECTED) 1] setAcl /newznode auth:user1:password1:crwad
> cZxid = 0xe
> ctime = Thu Nov 07 13:29:43 IST 2019
> mZxid = 0xe
> mtime = Thu Nov 07 13:29:43 IST 2019
> pZxid = 0xe
> cversion = 0
> dataVersion = 0
> aclVersion = 1
> ephemeralOwner = 0x0
> dataLength = 8
> numChildren = 0
> [zk: localhost:2181(CONNECTED) 2] getAcl /newznode
> 'digest,'user1:XDkd2dsEuhc9ImU3q8pa8UOdtpI=
> : cdrwa
> [zk: localhost:2181(CONNECTED) 3] addauth digest user2:password2
> [zk: localhost:2181(CONNECTED) 4] setAcl /newznode auth:user2:password2:r
> cZxid = 0xe
> ctime = Thu Nov 07 13:29:43 IST 2019
> mZxid = 0xe
> mtime = Thu Nov 07 13:29:43 IST 2019
> pZxid = 0xe
> cversion = 0
> dataVersion = 0
> aclVersion = 2
> ephemeralOwner = 0x0
> dataLength = 8
> numChildren = 0
> zk: localhost:2181(CONNECTED) 5] getAcl /newznode
> 'digest,'user1:XDkd2dsEuhc9ImU3q8pa8UOdtpI=
> : r
> 'digest,'user2:lo/iTtNMP+gEZlpUNaCqLYO3i5U=
> : r
> {code}
>
> If setAcl for both the users at the same time. I get both users duplicated, one with readonly and another with cdrwa permissions, as below:
>
> {code:java}
> [zk: localhost:2181(CONNECTED) 1] getAcl /zk_test
> 'world,'anyone
> : cdrwa
> [zk: localhost:2181(CONNECTED) 2] addauth digest user1:password1
> [zk: localhost:2181(CONNECTED) 3] addauth digest user2:password2
> [zk: localhost:2181(CONNECTED) 5]
> setAcl /zk_test auth:user2:password2:r,auth:user1:password1:cdrwa
> cZxid = 0x2
> ctime = Wed Nov 13 20:14:08 IST 2019
> mZxid = 0x2
> mtime = Wed Nov 13 20:14:08 IST 2019
> pZxid = 0x2
> cversion = 0
> dataVersion = 0
> aclVersion = 2
> ephemeralOwner = 0x0
> dataLength = 7
> numChildren = 0
> [zk: localhost:2181(CONNECTED) 7] getAcl /zk_test
> 'digest,'user1:XDkd2dsEuhc9ImU3q8pa8UOdtpI=
> : r
> 'digest,'user2:lo/iTtNMP+gEZlpUNaCqLYO3i5U=
> : r
> 'digest,'user1:XDkd2dsEuhc9ImU3q8pa8UOdtpI=
> : cdrwa
> 'digest,'user2:lo/iTtNMP+gEZlpUNaCqLYO3i5U=
> : cdrwa
> {code}
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)