You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@hbase.apache.org by "Pankaj Kumar (JIRA)" <ji...@apache.org> on 2015/09/14 15:01:45 UTC

[jira] [Created] (HBASE-14425) In Secure Zookeeper cluster superuser will not have sufficient permission if muliple values are configured in "hbase.superuser"

Pankaj Kumar created HBASE-14425:
------------------------------------

             Summary: In Secure Zookeeper cluster superuser will not have sufficient permission if muliple values are configured in "hbase.superuser"
                 Key: HBASE-14425
                 URL: https://issues.apache.org/jira/browse/HBASE-14425
             Project: HBase
          Issue Type: Bug
            Reporter: Pankaj Kumar
            Assignee: Pankaj Kumar


During master intialization we are setting ACLs for the znodes.

In ZKUtil.createACL(ZooKeeperWatcher zkw, String node, boolean isSecureZooKeeper),
{code}
      String superUser = zkw.getConfiguration().get("hbase.superuser");
      ArrayList<ACL> acls = new ArrayList<ACL>();
      // add permission to hbase supper user
      if (superUser != null) {
        acls.add(new ACL(Perms.ALL, new Id("auth", superUser)));
      }
{code}

Here we are directly setting "hbase.superuser" value to Znode which will cause an issue when multiple values are configured. In "hbase.superuser" multiple superusers and supergroups can be configured separated by comma. We need to iterate them and set ACL.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)