Edward Ribeiro created ZOOKEEPER-2590:

             Summary: setACL doesn't affect exists() operation
                 Key: ZOOKEEPER-2590
                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2590
             Project: ZooKeeper
          Issue Type: Bug
            Reporter: Edward Ribeiro

As hinted  
 even if a parent znode path has restricted READ access it's possible to issue 
an exists() operation on any child znode of that given path.

 For example, the snippet below doesn't throw {{NoAuthExceptio}}, even tough it 
removes ACL rights to "/":

        zk.create("/a", null, Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT);
        ArrayList<ACL> acls = new ArrayList<>();
        acls.add(new ACL(0, Ids.ANYONE_ID_UNSAFE));

        zk.setACL("/", acls, -1);

        Stat r = zk.exists("/a", false);

This message was sent by Atlassian JIRA

Reply via email to