[
https://issues.apache.org/jira/browse/ZOOKEEPER-2779?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Jordan Zimmerman updated ZOOKEEPER-2779:
----------------------------------------
Description: ZOOKEEPER-2014 changed the behavior of the /zookeeper/config
node by setting the ACL to {{ZooDefs.Ids.READ_ACL_UNSAFE}}. This change makes
it very cumbersome to use the reconfig APIs. It also, perversely, makes
security worse as the entire ZooKeeper instance must be opened to "super" user
while enabled reconfig (per {{ReconfigExceptionTest.java}}). Provide a
mechanism for savvy users to disable this ACL so that an application-specific
custom ACL can be set. (was: ZOOKEEPER-2014 changed the behavior of the
/zookeeper/config node by setting the ACL to {{ZooDefs.Ids.READ_ACL_UNSAFE}}.
This change makes it very cumbersome to use the reconfig APIs. It also,
perversely, makes security worse as the ZooKeeper instance must be opened to
"super" user while enabled reconfig (per {{ReconfigExceptionTest.java}}).
Provide a mechanism for savvy users to disable this ACL so that an
application-specific custom ACL can be set.)
> Add option to not set ACL for reconfig node
> -------------------------------------------
>
> Key: ZOOKEEPER-2779
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-2779
> Project: ZooKeeper
> Issue Type: Improvement
> Components: server
> Affects Versions: 3.5.3
> Reporter: Jordan Zimmerman
> Assignee: Jordan Zimmerman
> Fix For: 3.5.4, 3.6.0
>
>
> ZOOKEEPER-2014 changed the behavior of the /zookeeper/config node by setting
> the ACL to {{ZooDefs.Ids.READ_ACL_UNSAFE}}. This change makes it very
> cumbersome to use the reconfig APIs. It also, perversely, makes security
> worse as the entire ZooKeeper instance must be opened to "super" user while
> enabled reconfig (per {{ReconfigExceptionTest.java}}). Provide a mechanism
> for savvy users to disable this ACL so that an application-specific custom
> ACL can be set.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
