[ https://issues.apache.org/jira/browse/ZOOKEEPER-2014?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15455970#comment-15455970 ]
Hadoop QA commented on ZOOKEEPER-2014: -------------------------------------- +1 overall. Here are the results of testing the latest attachment http://issues.apache.org/jira/secure/attachment/12826655/ZOOKEEPER-2014.patch against trunk revision 1757584. +1 @author. The patch does not contain any @author tags. +1 tests included. The patch appears to include 37 new or modified tests. +1 javadoc. The javadoc tool did not generate any warning messages. +1 javac. The applied patch does not increase the total number of javac compiler warnings. +1 findbugs. The patch does not introduce any new Findbugs (version 2.0.3) warnings. +1 release audit. The applied patch does not increase the total number of release audit warnings. +1 core tests. The patch passed core unit tests. +1 contrib tests. The patch passed contrib unit tests. Test results: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/3378//testReport/ Findbugs warnings: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/3378//artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html Console output: https://builds.apache.org/job/PreCommit-ZOOKEEPER-Build/3378//console This message is automatically generated. > Only admin should be allowed to reconfig a cluster > -------------------------------------------------- > > Key: ZOOKEEPER-2014 > URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2014 > Project: ZooKeeper > Issue Type: Bug > Components: server > Affects Versions: 3.5.0 > Reporter: Raul Gutierrez Segales > Assignee: Michael Han > Priority: Blocker > Fix For: 3.5.3 > > Attachments: ZOOKEEPER-2014.patch, ZOOKEEPER-2014.patch, > ZOOKEEPER-2014.patch, ZOOKEEPER-2014.patch > > > ZOOKEEPER-107 introduces reconfiguration support via the reconfig() call. We > should, at the very least, ensure that only the Admin can reconfigure a > cluster. Perhaps restricting access to /zookeeper/config as well, though this > is debatable. Surely one could ensure Admin only access via an ACL, but that > would leave everyone who doesn't use ACLs unprotected. We could also force a > default ACL to make it a bit more consistent (maybe). > Finally, making reconfig() only available to Admins means they have to run > with zookeeper.DigestAuthenticationProvider.superDigest (which I am not sure > if everyone does, or how would it work with other authentication providers). -- This message was sent by Atlassian JIRA (v6.3.4#6332)