[jira] [Commented] (DRILL-5671) Set secure ACLs (Access Control List) for Drill ZK nodes in a secure cluster

Mon, 24 Sep 2018 13:34:31 -0700 


    [ 
https://issues.apache.org/jira/browse/DRILL-5671?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16626427#comment-16626427
 ] 

ASF GitHub Bot commented on DRILL-5671:
---------------------------------------

sohami commented on a change in pull request #1467: DRILL-5671: Set secure ACLs 
(Access Control List) for Drill ZK nodes in a secure cluster
URL: https://github.com/apache/drill/pull/1467#discussion_r219978887
 
 

 ##########
 File path: exec/jdbc-all/pom.xml
 ##########
 @@ -511,7 +511,7 @@
                   This is likely due to you adding new dependencies to a 
java-exec and not updating the excludes in this module. This is important as it 
minimizes the size of the dependency of Drill application users.
 
                   </message>
-                  <maxsize>39000000</maxsize>
+                  <maxsize>39050000</maxsize>
 
 Review comment:
   Do you mean the size increase is because of adding new source files under 
java-exec modules ?

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


> Set secure ACLs (Access Control List) for Drill ZK nodes in a secure cluster
> ----------------------------------------------------------------------------
>
>                 Key: DRILL-5671
>                 URL: https://issues.apache.org/jira/browse/DRILL-5671
>             Project: Apache Drill
>          Issue Type: New Feature
>          Components:  Server
>            Reporter: Karthikeyan Manivannan
>            Assignee: Karthikeyan Manivannan
>            Priority: Major
>             Fix For: 1.15.0
>
>
> All Drill ZK nodes, currently, are assigned a default [world:all] ACL i.e. 
> anyone gets to do CDRWA(create, delete, read, write, admin access). This 
> means that even on a secure cluster anyone can perform all CRDWA actions on 
> the znodes. 
> This should be changed such that:
> - In a non-secure cluster, Drill will continue using the current default 
> [world:all] ACL
> - In a secure cluster, all nodes should have an [authid: all] ACL i.e. the 
> authenticated user that created the znode gets full access. The discovery 
> znodes i.e. the znodes with the list of Drillbits will have an additional 
> [world:read] ACL, i.e. the list of Drillbits will be readable by anyone. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to