[ https://issues.apache.org/jira/browse/HBASE-18323?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16096539#comment-16096539 ]
Josh Elser commented on HBASE-18323: ------------------------------------ bq. sorry to feedback so late, could you help me codereview , how about this way Yup, that's what I had in mind. > Remove multiple ACLs for the same user in kerberos > -------------------------------------------------- > > Key: HBASE-18323 > URL: https://issues.apache.org/jira/browse/HBASE-18323 > Project: HBase > Issue Type: Bug > Affects Versions: 1.2.0, 3.0.0 > Reporter: Shibin Zhang > Priority: Minor > Attachments: HBASE-18323.patch, HBASE-18323-V2.patch, > HBASE-18323-V3.patch > > > When deploy hbase in kerberos way ,there will be multiple acls in znode : > 'world,'anyone > : r > 'sasl,'hbase > : cdrwa > 'sasl,'hbase > : cdrwa > I also see the related issue and apply the patch, like > https://issues.apache.org/jira/browse/HBASE-17717 > but in my environment ,this situation still appear, > After dig into the code , i found the reason in source code ZKUtil.createAcl > is > if (zkw.isClientReadable(node)) { > LOG.error("isSecureZooKeeper user: clientReadable"); > acls.addAll(Ids.CREATOR_ALL_ACL); > acls.addAll(Ids.READ_ACL_UNSAFE); > } else { > LOG.error("isSecureZooKeeper user: clientReadable no"); > acls.addAll(Ids.CREATOR_ALL_ACL); > } > acls.addAll(Ids.CREATOR_ALL_ACL); > > Id AUTH_IDS = new Id("auth", ""); > ArrayList<ACL> CREATOR_ALL_ACL = new ArrayList(Collections.singletonList(new > ACL(31, AUTH_IDS))); > AUTH_IDS with "auth " will result current connection auth user add to > znode acl , > so it will appear multiple acls for same users. > I think this line of code we can remove : > acls.addAll(Ids.CREATOR_ALL_ACL); -- This message was sent by Atlassian JIRA (v6.4.14#64029)