[jira] [Updated] (ZOOKEEPER-2014) Only admin should be allowed to reconfig a cluster

Mon, 17 Oct 2016 22:15:55 -0700 

     [ 
https://issues.apache.org/jira/browse/ZOOKEEPER-2014?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Michael Han updated ZOOKEEPER-2014:
-----------------------------------
    Attachment: ZOOKEEPER-2014.patch

Upload new patch to address Abe's review comments. 
* Don't swallow the KeeperException when setting ACL on the config node during 
DataTree creation, instead let the exception bubble up to stop ZK server 
startup. This is to make sure we always have access controlled config node 
after ZK server is started.
* The rest of changes are really mechanical changes due to the exception 
specification changes in signature.
* Passed internal stress test of all unit tests.

> Only admin should be allowed to reconfig a cluster
> --------------------------------------------------
>
>                 Key: ZOOKEEPER-2014
>                 URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2014
>             Project: ZooKeeper
>          Issue Type: Bug
>          Components: server
>    Affects Versions: 3.5.0
>            Reporter: Raul Gutierrez Segales
>            Assignee: Michael Han
>            Priority: Blocker
>             Fix For: 3.5.3
>
>         Attachments: ZOOKEEPER-2014.patch, ZOOKEEPER-2014.patch, 
> ZOOKEEPER-2014.patch, ZOOKEEPER-2014.patch, ZOOKEEPER-2014.patch, 
> ZOOKEEPER-2014.patch, ZOOKEEPER-2014.patch, ZOOKEEPER-2014.patch, 
> ZOOKEEPER-2014.patch, ZOOKEEPER-2014.patch, ZOOKEEPER-2014.patch, 
> ZOOKEEPER-2014.patch
>
>
> ZOOKEEPER-107 introduces reconfiguration support via the reconfig() call. We 
> should, at the very least, ensure that only the Admin can reconfigure a 
> cluster. Perhaps restricting access to /zookeeper/config as well, though this 
> is debatable. Surely one could ensure Admin only access via an ACL, but that 
> would leave everyone who doesn't use ACLs unprotected. We could also force a 
> default ACL to make it a bit more consistent (maybe).
> Finally, making reconfig() only available to Admins means they have to run 
> with zookeeper.DigestAuthenticationProvider.superDigest (which I am not sure 
> if everyone does, or how would it work with other authentication providers). 
> Review board https://reviews.apache.org/r/51546/



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to