Robert Joseph Evans created ZOOKEEPER-1782:
----------------------------------------------
Summary: zookeeper.superUser is not as super as superDigest
Key: ZOOKEEPER-1782
URL: https://issues.apache.org/jira/browse/ZOOKEEPER-1782
Project: ZooKeeper
Issue Type: Bug
Affects Versions: 3.4.5
Reporter: Robert Joseph Evans
The zookeeper.superUser system property does not fully grant super user
privileges, like zookeeper.DigestAuthenticationProvider.superDigest does.
zookeeper.superUser only has as many privileges as the sasl ACLs on the znode
being accessed. This means that if a znode only has digest ACLs
zookeeper.superUser is ignored. Or if a znode has a single sasl ACL that only
has read privileges zookeeper.superUser only has read privileges.
The reason for this is that SASLAuthenticationProvider implements the superUser
check in the matches method, instead of having the super user include a new
Id("super","") as Digest does.
--
This message was sent by Atlassian JIRA
(v6.1#6144)
