[jira] [Commented] (HBASE-18323) Remove multiple ACLs for the same user in kerberos

Tue, 25 Jul 2017 17:50:57 -0700 

    [ 
https://issues.apache.org/jira/browse/HBASE-18323?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16101010#comment-16101010
 ] 

Hudson commented on HBASE-18323:
--------------------------------

FAILURE: Integrated in Jenkins build HBase-1.4 #817 (See 
[https://builds.apache.org/job/HBase-1.4/817/])
HBASE-18323 Remove multiple ACLs for the same user in kerberos (elserj: rev 
8ea7a364bf093e8b569ab3fee002140e8280b9cf)
* (edit) 
hbase-client/src/main/java/org/apache/hadoop/hbase/zookeeper/ZKUtil.java
* (edit) 
hbase-client/src/test/java/org/apache/hadoop/hbase/zookeeper/TestZKUtil.java


> Remove multiple ACLs for the same user in kerberos
> --------------------------------------------------
>
>                 Key: HBASE-18323
>                 URL: https://issues.apache.org/jira/browse/HBASE-18323
>             Project: HBase
>          Issue Type: Bug
>    Affects Versions: 1.2.0, 3.0.0
>            Reporter: Shibin Zhang
>            Assignee: Shibin Zhang
>            Priority: Minor
>             Fix For: 2.0.0, 3.0.0, 1.4.0
>
>         Attachments: HBASE-18323.patch, HBASE-18323-V2.patch, 
> HBASE-18323-V3.patch, HBASE-18323-V4.patch, HBASE-18323-V5.patch
>
>
> When deploy hbase in kerberos way ,there will be multiple acls in znode :
> 'world,'anyone
> : r
> 'sasl,'hbase
> : cdrwa
> 'sasl,'hbase
> : cdrwa
> I also see the related issue and apply the patch, like  
> https://issues.apache.org/jira/browse/HBASE-17717 
> but in my environment ,this situation still appear,
> After dig into the code , i found the reason in source code  ZKUtil.createAcl 
>  is
>  if (zkw.isClientReadable(node)) {
>         LOG.error("isSecureZooKeeper user: clientReadable");
>         acls.addAll(Ids.CREATOR_ALL_ACL);
>         acls.addAll(Ids.READ_ACL_UNSAFE);
>       } else {
>         LOG.error("isSecureZooKeeper user: clientReadable no");
>         acls.addAll(Ids.CREATOR_ALL_ACL);
>       } 
>   acls.addAll(Ids.CREATOR_ALL_ACL);   
>   
>   Id AUTH_IDS = new Id("auth", "");
> ArrayList<ACL> CREATOR_ALL_ACL = new ArrayList(Collections.singletonList(new 
> ACL(31, AUTH_IDS)));
> AUTH_IDS   with  "auth " will result  current connection auth user  add to 
> znode acl ,
> so it will appear multiple acls for same users.
> I think this line of code  we can remove  :  
> acls.addAll(Ids.CREATOR_ALL_ACL);   



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to