incubator-slider git commit: SLIDER-931 Security permissions on set up ZK path are too lax

Tue, 01 Sep 2015 12:03:13 -0700 

Repository: incubator-slider
Updated Branches:
  refs/heads/develop b30707d82 -> 3fbe9ff64


SLIDER-931 Security permissions on set up ZK path are too lax


Project: http://git-wip-us.apache.org/repos/asf/incubator-slider/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-slider/commit/3fbe9ff6
Tree: http://git-wip-us.apache.org/repos/asf/incubator-slider/tree/3fbe9ff6
Diff: http://git-wip-us.apache.org/repos/asf/incubator-slider/diff/3fbe9ff6

Branch: refs/heads/develop
Commit: 3fbe9ff64eb21ece464979fc0cb165e8ade78e2d
Parents: b30707d
Author: Steve Loughran <[email protected]>
Authored: Tue Sep 1 19:58:47 2015 +0100
Committer: Steve Loughran <[email protected]>
Committed: Tue Sep 1 19:58:47 2015 +0100

----------------------------------------------------------------------
 .../main/java/org/apache/slider/client/SliderClient.java  | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-slider/blob/3fbe9ff6/slider-core/src/main/java/org/apache/slider/client/SliderClient.java
----------------------------------------------------------------------
diff --git 
a/slider-core/src/main/java/org/apache/slider/client/SliderClient.java 
b/slider-core/src/main/java/org/apache/slider/client/SliderClient.java
index 96278a7..323bc73 100644
--- a/slider-core/src/main/java/org/apache/slider/client/SliderClient.java
+++ b/slider-core/src/main/java/org/apache/slider/client/SliderClient.java
@@ -164,6 +164,7 @@ import 
org.apache.slider.server.services.utility.AbstractSliderLaunchedService;
 import org.apache.zookeeper.CreateMode;
 import org.apache.zookeeper.KeeperException;
 import org.apache.zookeeper.ZooDefs;
+import org.apache.zookeeper.data.ACL;
 import org.codehaus.jettison.json.JSONException;
 import org.codehaus.jettison.json.JSONObject;
 import org.slf4j.Logger;
@@ -536,12 +537,15 @@ public class SliderClient extends 
AbstractSliderLaunchedService implements RunSe
     if (nameOnly) {
       return zkPath;
     }
-    Configuration config = getConfig();
     ZKIntegration client = getZkClient(clusterName, user);
     if (client != null) {
       try {
-        client.createPath(zkPath, "", ZooDefs.Ids.OPEN_ACL_UNSAFE,
-                          CreateMode.PERSISTENT);
+        List<ACL> zkperms = new ArrayList<>();
+        zkperms.addAll(ZooDefs.Ids.CREATOR_ALL_ACL);
+        zkperms.addAll(ZooDefs.Ids.READ_ACL_UNSAFE);
+        client.createPath(zkPath, "",
+            zkperms,
+            CreateMode.PERSISTENT);
         return zkPath;
       } catch (InterruptedException | KeeperException e) {
         log.warn("Unable to create default zk node {}", zkPath, e);

Reply via email to