[
https://issues.apache.org/jira/browse/HBASE-14425?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14900275#comment-14900275
]
Ashish Singhi commented on HBASE-14425:
---------------------------------------
Nit:
bq. String[] superUsers = zkw.getConfiguration().getStrings("hbase.superuser");
May be instead of hard coding property name, can you use
{{Superusers.SUPERUSER_CONF_KEY}} ? I know it was already existing but at that
time we did not had this constant in place.
Also looks like QA bot did not pick the patch last time, mind attaching again.
Otherwise lgtm.
> In Secure Zookeeper cluster superuser will not have sufficient permission if
> multiple values are configured in "hbase.superuser"
> --------------------------------------------------------------------------------------------------------------------------------
>
> Key: HBASE-14425
> URL: https://issues.apache.org/jira/browse/HBASE-14425
> Project: HBase
> Issue Type: Bug
> Reporter: Pankaj Kumar
> Assignee: Pankaj Kumar
> Fix For: 2.0.0
>
> Attachments: HBASE-14425.patch
>
>
> During master intialization we are setting ACLs for the znodes.
> In ZKUtil.createACL(ZooKeeperWatcher zkw, String node, boolean
> isSecureZooKeeper),
> {code}
> String superUser = zkw.getConfiguration().get("hbase.superuser");
> ArrayList<ACL> acls = new ArrayList<ACL>();
> // add permission to hbase supper user
> if (superUser != null) {
> acls.add(new ACL(Perms.ALL, new Id("auth", superUser)));
> }
> {code}
> Here we are directly setting "hbase.superuser" value to Znode which will
> cause an issue when multiple values are configured. In "hbase.superuser"
> multiple superusers and supergroups can be configured separated by comma. We
> need to iterate them and set ACL.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
