[ 
https://issues.apache.org/jira/browse/HBASE-14425?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14743501#comment-14743501
 ] 

Pankaj Kumar commented on HBASE-14425:
--------------------------------------

"hbase.superuser" can contain groups also, and currently ZK doesn't support ACL 
setting for groups (Please correct me if there is any way to do this).

Do we need to skip ACL setting for groups for now and write an 
informative/warning log?
Any suggestion [~stack]?

> In Secure Zookeeper cluster superuser will not have sufficient permission if 
> multiple values are configured in "hbase.superuser"
> -------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: HBASE-14425
>                 URL: https://issues.apache.org/jira/browse/HBASE-14425
>             Project: HBase
>          Issue Type: Bug
>            Reporter: Pankaj Kumar
>            Assignee: Pankaj Kumar
>
> During master initialization we are setting ACLs for the znodes.
> In ZKUtil.createACL(ZooKeeperWatcher zkw, String node, boolean 
> isSecureZooKeeper),
> {code}
>       String superUser = zkw.getConfiguration().get("hbase.superuser");
>       ArrayList<ACL> acls = new ArrayList<ACL>();
>       // add permission to hbase super user
>       if (superUser != null) {
>         acls.add(new ACL(Perms.ALL, new Id("auth", superUser)));
>       }
> {code}
> Here we are directly setting "hbase.superuser" value to Znode which will 
> cause an issue when multiple values are configured. In "hbase.superuser" 
> multiple superusers and supergroups can be configured separated by comma. We 
> need to iterate them and set ACL.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
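
The iteration the issue asks for, combined with the skip-and-warn handling of groups raised in the comment, as an added example that is not HBase's own code or the patch for this issue. Assumptions: group entries in "hbase.superuser" are marked with a leading "@", the per-user ACLs use ZooKeeper's "sasl" scheme (the snippet in the issue uses "auth"), and the class and method names are hypothetical.

```java
import java.util.ArrayList;
import java.util.List;
import org.apache.zookeeper.ZooDefs.Perms;
import org.apache.zookeeper.data.ACL;
import org.apache.zookeeper.data.Id;

public class SuperuserAclExample {
  // Assumption: group entries in "hbase.superuser" carry a leading '@'.
  static final String GROUP_PREFIX = "@";

  /** Builds one ACL per configured superuser; group entries go to skippedGroups. */
  static List<ACL> superuserAcls(String superUserValue, String scheme,
      List<String> skippedGroups) {
    List<ACL> acls = new ArrayList<>();
    if (superUserValue == null) {
      return acls;
    }
    for (String entry : superUserValue.split(",")) {
      String name = entry.trim();
      if (name.isEmpty()) {
        continue; // tolerate "a,,b" and trailing commas
      }
      if (name.startsWith(GROUP_PREFIX)) {
        skippedGroups.add(name); // no group ACL is set: report it instead
        continue;
      }
      ACL acl = new ACL(Perms.ALL, new Id(scheme, name));
      if (!acls.contains(acl)) { // a user listed twice yields one ACL entry
        acls.add(acl);
      }
    }
    return acls;
  }

  public static void main(String[] args) {
    // Constructed sample value: two users (one repeated) and one group.
    String configured = "hbase, admin1 ,@hbase_admins,admin1";
    List<String> skipped = new ArrayList<>();
    // Assumption: "sasl" scheme, so each ACL names one authenticated principal.
    List<ACL> acls = superuserAcls(configured, "sasl", skipped);
    for (ACL acl : acls) {
      System.out.println(acl.getId().getScheme() + ":" + acl.getId().getId()
          + " perms=" + acl.getPerms());
    }
    if (!skipped.isEmpty()) {
      System.err.println("WARN: znode ACL not set for superuser groups " + skipped);
    }
  }
}
```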