We have discovered that there is a bug in ZooDefs.PERMS.ALL: it is missing ZooDefs.PERMS.ADMIN, thus it isn't really ALL :) The problem is that the C binding includes ADMIN in ALL, so we have an inconsistency between the two bindings. We would like to fix this as a bug fix in the next release, but it does change behavior, so we wanted to run in by the list to get our users' opinions.

To understand the behavioral change let me first remind you that the ADMIN permission is only used with the setACL operation. Normally, developers use PERMS.ALL indirectly by using ids.OPEN_ACL_UNSAFE. So, doing zk.create(path, data, Ids.OPEN_ACL_UNSAFE, flags) will create a znode for which no one will have the ability to change the ACL, ie call setACL. If we fix this, everyone will be able to change the ACL of the znode, which corresponds to the behavior of using OPEN_ACL_UNSAFE with the C binding.

(Note: nodes that were previously created with OPEN_ACL_UNSAFE or PERMS.ALL, will not be affected since these are just client side macros.)

Thoughts? Suggestions?



Reply via email to