[ https://issues.apache.org/jira/browse/SOLR-8792?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15240796#comment-15240796 ]

Ishan Chattopadhyaya commented on SOLR-8792:
--------------------------------------------

It seems that during the Solr startup, the ACL provider is already chosen (as 
the default) even before solr.xml is loaded. Hence, specifying a different ACL 
provider is not working.

{code}
INFO  - 2016-04-14 08:15:59.039; [   ] org.apache.solr.common.cloud.SolrZkClient; Using default ZkCredentialsProvider
INFO  - 2016-04-14 08:15:59.059; [   ] org.apache.solr.common.cloud.ConnectionManager; Waiting for client to connect to ZooKeeper
INFO  - 2016-04-14 08:15:59.145; [   ] org.apache.solr.common.cloud.ConnectionManager; Watcher org.apache.solr.common.cloud.ConnectionManager@30b99be5 name:ZooKeeperConnection Watcher:zk1:2181 got event WatchedEvent state:SyncConnected type:None path:null path:null type:None
INFO  - 2016-04-14 08:15:59.145; [   ] org.apache.solr.common.cloud.ConnectionManager; Client is connected to ZooKeeper
INFO  - 2016-04-14 08:15:59.145; [   ] org.apache.solr.common.cloud.SolrZkClient; Using default ZkACLProvider
INFO  - 2016-04-14 08:15:59.160; [   ] org.apache.solr.servlet.SolrDispatchFilter; Loading solr.xml from SolrHome (not found in ZooKeeper)
{code}

> ZooKeeper ACL not restricting access to zkcli
> ---------------------------------------------
>
>                 Key: SOLR-8792
>                 URL: https://issues.apache.org/jira/browse/SOLR-8792
>             Project: Solr
>          Issue Type: Bug
>          Components: Authentication, documentation
>    Affects Versions: 5.0
>            Reporter: Esther Quansah
>              Labels: acl, authentication, security, zkcli, zkcli.sh, zookeeper
>
> The documentation presented here: 
> https://cwiki.apache.org/confluence/display/solr/ZooKeeper+Access+Control
> details the process of securing Solr content in ZooKeeper using ACLs. In the 
> example usages, it is mentioned that access to zkcli can be restricted by 
> adding credentials to the zkcli.sh script in addition to adding the 
> appropriate classnames to solr.xml. With the scripts in zkcli.sh, another 
> machine should not be able to read or write from the host ZK without the 
> necessary credentials. At this time, machines are able to read/write from the 
> host ZK with or without these credentials.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
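
The ordering reported in the comment above can be checked mechanically against a startup log. The following is an added example, not code from the original message or from Solr; it assumes the log format matches the excerpt in the comment, and the names `unwrap` and `audit_startup` are hypothetical.

```python
import re

# Constructed sample: an abridged, e-mail-wrapped copy of the startup log quoted above.
SAMPLE_LOG = """\
INFO  - 2016-04-14 08:15:59.039; [   ]
org.apache.solr.common.cloud.SolrZkClient; Using default ZkCredentialsProvider
INFO  - 2016-04-14 08:15:59.145; [   ]
org.apache.solr.common.cloud.ConnectionManager; Client is connected to ZooKeeper
INFO  - 2016-04-14 08:15:59.145; [   ]
org.apache.solr.common.cloud.SolrZkClient; Using default ZkACLProvider
INFO  - 2016-04-14 08:15:59.160; [   ]
org.apache.solr.servlet.SolrDispatchFilter; Loading solr.xml from SolrHome (not
found in ZooKeeper)
"""

RECORD_START = re.compile(r"^(?:TRACE|DEBUG|INFO|WARN|ERROR)\s+-\s")
RECORD = re.compile(r"^\w+\s+-\s+(?P<ts>[^;]+);\s+\[[^\]]*\]\s+(?P<logger>[^;\s]+);\s+(?P<msg>.*)$")
DEFAULT_PROVIDER = re.compile(r"Using default (Zk(?:Credentials|ACL)Provider)")


def unwrap(log_text):
    """Rejoin records that a mail client hard-wrapped across several lines."""
    records = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def audit_startup(log_text):
    """List default ZooKeeper providers and whether each was chosen before solr.xml loaded."""
    findings, solr_xml_loaded = [], False
    for record in unwrap(log_text):
        m = RECORD.match(record)
        if not m:
            continue
        if m["msg"].startswith("Loading solr.xml"):
            solr_xml_loaded = True
        hit = DEFAULT_PROVIDER.search(m["msg"])
        if hit:
            findings.append({"provider": hit.group(1), "time": m["ts"],
                             "before_solr_xml": not solr_xml_loaded})
    return findings
```

An empty result, or no entry with `before_solr_xml` set, means the log does not show a default provider being selected ahead of the solr.xml load.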
