[jira] [Created] (HBASE-14425) In Secure Zookeeper cluster superuser will not have sufficient permission if muliple values are configured in "hbase.superuser"

Pankaj Kumar (JIRA) Mon, 14 Sep 2015 06:02:57 -0700

Pankaj Kumar created HBASE-14425:
------------------------------------

             Summary: In Secure Zookeeper cluster superuser will not have 
sufficient permission if muliple values are configured in "hbase.superuser"
                 Key: HBASE-14425
                 URL: https://issues.apache.org/jira/browse/HBASE-14425
             Project: HBase
          Issue Type: Bug
            Reporter: Pankaj Kumar
            Assignee: Pankaj Kumar



During master intialization we are setting ACLs for the znodes.

In ZKUtil.createACL(ZooKeeperWatcher zkw, String node, boolean 
isSecureZooKeeper),
{code}
      String superUser = zkw.getConfiguration().get("hbase.superuser");
      ArrayList<ACL> acls = new ArrayList<ACL>();
      // add permission to hbase supper user
      if (superUser != null) {
        acls.add(new ACL(Perms.ALL, new Id("auth", superUser)));
      }
{code}

Here we are directly setting "hbase.superuser" value to Znode which will cause 
an issue when multiple values are configured. In "hbase.superuser" multiple 
superusers and supergroups can be configured separated by comma. We need to 
iterate them and set ACL.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Created] (HBASE-14425) In Secure Zookeeper cluster superuser will not have sufficient permission if muliple values are configured in "hbase.superuser"

Reply via email to