Edward Ribeiro created ZOOKEEPER-2590: -----------------------------------------
Summary: setACL doesn't affect exists() operation Key: ZOOKEEPER-2590 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2590 Project: ZooKeeper Issue Type: Bug Reporter: Edward Ribeiro As hinted [here|https://github.com/apache/zookeeper/blob/master/src/java/main/org/apache/zookeeper/server/FinalRequestProcessor.java#L298], even if a parent znode path has restricted READ access it's possible to issue an exists() operation on any child znode of that given path. For example, the snippet below doesn't throw {{NoAuthExceptio}}, even tough it removes ACL rights to "/": {code} zk.create("/a", null, Ids.OPEN_ACL_UNSAFE, CreateMode.PERSISTENT); ArrayList<ACL> acls = new ArrayList<>(); acls.add(new ACL(0, Ids.ANYONE_ID_UNSAFE)); zk.setACL("/", acls, -1); Stat r = zk.exists("/a", false); {code} -- This message was sent by Atlassian JIRA (v6.3.4#6332)