You are viewing a plain text version of this content. The canonical link for it is here.

Posted to user@zookeeper.apache.org by Benjamin Reed <br...@yahoo-inc.com> on 2009/06/16 21:07:51 UTC

"Fixing" ZooDefs.PERMS.ALL

We have discovered that there is a bug in ZooDefs.PERMS.ALL: it is 
missing ZooDefs.PERMS.ADMIN, thus it isn't really ALL :) The problem is 
that the C binding includes ADMIN in ALL, so we have an inconsistency 
between the two bindings. We would like to fix this as a bug fix in the 
next release, but it does change behavior, so we wanted to run in by the 
list to get our users' opinions.

To understand the behavioral change let me first remind you that the 
ADMIN permission is only used with the setACL operation. Normally, 
developers use PERMS.ALL indirectly by using ids.OPEN_ACL_UNSAFE. So, 
doing zk.create(path, data, Ids.OPEN_ACL_UNSAFE, flags) will create a
znode for which no one will have the ability to change the ACL, ie call 
setACL. If we fix this, everyone will be able to change the ACL of the 
znode, which corresponds to the behavior of using OPEN_ACL_UNSAFE with 
the C binding.

(Note: nodes that were previously created with OPEN_ACL_UNSAFE or 
PERMS.ALL, will not be affected since these are just client side macros.)

Thoughts? Suggestions?

thanx

ben

Re: "Fixing" ZooDefs.PERMS.ALL

Posted by Joey Echeverria <jo...@gmail.com>.

I think adding ZooDefs.PERMS.ADMIN to ZooDefs.PERMS.ALL makes sense. I
bet very few, if any, of the people using OPEN_ACL_UNSAFE did so with
the express desire to block calls to setACL().

-Joey

On Tue, Jun 16, 2009 at 8:07 PM, Benjamin Reed<br...@yahoo-inc.com> wrote:
> We have discovered that there is a bug in ZooDefs.PERMS.ALL: it is missing
> ZooDefs.PERMS.ADMIN, thus it isn't really ALL :) The problem is that the C
> binding includes ADMIN in ALL, so we have an inconsistency between the two
> bindings. We would like to fix this as a bug fix in the next release, but it
> does change behavior, so we wanted to run in by the list to get our users'
> opinions.
>
> To understand the behavioral change let me first remind you that the ADMIN
> permission is only used with the setACL operation. Normally, developers use
> PERMS.ALL indirectly by using ids.OPEN_ACL_UNSAFE. So, doing zk.create(path,
> data, Ids.OPEN_ACL_UNSAFE, flags) will create a
> znode for which no one will have the ability to change the ACL, ie call
> setACL. If we fix this, everyone will be able to change the ACL of the
> znode, which corresponds to the behavior of using OPEN_ACL_UNSAFE with the C
> binding.
>
> (Note: nodes that were previously created with OPEN_ACL_UNSAFE or PERMS.ALL,
> will not be affected since these are just client side macros.)
>
> Thoughts? Suggestions?
>
> thanx
>
> ben
>