[
https://issues.apache.org/jira/browse/HBASE-14425?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14743490#comment-14743490
]
Pankaj Kumar commented on HBASE-14425:
--------------------------------------
One more issue in this,
{code}
if (superUser != null) {
acls.add(new ACL(Perms.ALL, new Id("auth", superUser)));
}
{code}
Here scheme is presently hard coded as "auth", actually it should be based on
the auth provider configured at ZK.
I will raise another JIRA for this issue.
> In Secure Zookeeper cluster superuser will not have sufficient permission if
> muliple values are configured in "hbase.superuser"
> -------------------------------------------------------------------------------------------------------------------------------
>
> Key: HBASE-14425
> URL: https://issues.apache.org/jira/browse/HBASE-14425
> Project: HBase
> Issue Type: Bug
> Reporter: Pankaj Kumar
> Assignee: Pankaj Kumar
>
> During master intialization we are setting ACLs for the znodes.
> In ZKUtil.createACL(ZooKeeperWatcher zkw, String node, boolean
> isSecureZooKeeper),
> {code}
> String superUser = zkw.getConfiguration().get("hbase.superuser");
> ArrayList<ACL> acls = new ArrayList<ACL>();
> // add permission to hbase supper user
> if (superUser != null) {
> acls.add(new ACL(Perms.ALL, new Id("auth", superUser)));
> }
> {code}
> Here we are directly setting "hbase.superuser" value to Znode which will
> cause an issue when multiple values are configured. In "hbase.superuser"
> multiple superusers and supergroups can be configured separated by comma. We
> need to iterate them and set ACL.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
