[jira] [Resolved] (KAFKA-7754) zookeeper-security-migration.sh sets the root ZNode as world-readable

Wed, 09 Oct 2024 02:08:27 -0700 


     [ 
https://issues.apache.org/jira/browse/KAFKA-7754?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Mickael Maison resolved KAFKA-7754.
-----------------------------------
    Resolution: Won't Fix

We are now removing ZooKeeper support so closing this issue.

> zookeeper-security-migration.sh sets the root ZNode as world-readable
> ---------------------------------------------------------------------
>
>                 Key: KAFKA-7754
>                 URL: https://issues.apache.org/jira/browse/KAFKA-7754
>             Project: Kafka
>          Issue Type: Bug
>          Components: security
>    Affects Versions: 2.0.0
>            Reporter: Badai Aqrandista
>            Priority: Minor
>
> If I start broker with {{zookeeper.set.acl=true}} from the first time I start 
> the broker, the root ZNode is not set to be world-readable to allow other 
> application to share the Zookeeper ensemble with chroot.
> But if I run {{zookeeper-security-migration.sh}} with  {{–zookeeper.acl 
> secure}}, the root ZNode becomes world-readable. Is this correct?
>  
> {noformat}
> root@localhost:/# zookeeper-shell localhost:2181
> Connecting to localhost:2181
> Welcome to ZooKeeper!
> JLine support is enabled
> [zk: localhost:2181(CONNECTING) 0] 
> WATCHER::
> WatchedEvent state:SyncConnected type:None path:null
> WATCHER::
> WatchedEvent state:SaslAuthenticated type:None path:null
> [zk: localhost:2181(CONNECTED) 0] getAcl /
> 'world,'anyone
> : cdrwa
> [zk: localhost:2181(CONNECTED) 1] getAcl /brokers
> 'world,'anyone
> : r
> 'sasl,'kafkabroker
> : cdrwa
> [zk: localhost:2181(CONNECTED) 2] quit
> Quitting...
> root@localhost:/# zookeeper-security-migration --zookeeper.acl secure 
> --zookeeper.connect localhost:2181
> root@localhost:/# zookeeper-shell localhost:2181
> Connecting to localhost:2181
> Welcome to ZooKeeper!
> JLine support is enabled
> [zk: localhost:2181(CONNECTING) 0] 
> WATCHER::
> WatchedEvent state:SyncConnected type:None path:null
> WATCHER::
> WatchedEvent state:SaslAuthenticated type:None path:null
> [zk: localhost:2181(CONNECTED) 0] getAcl /
> 'world,'anyone
> : r
> 'sasl,'kafkabroker
> : cdrwa
> [zk: localhost:2181(CONNECTED) 1] getAcl /brokers
> 'world,'anyone
> : r
> 'sasl,'kafkabroker
> : cdrwa
> [zk: localhost:2181(CONNECTED) 2] 
> {noformat}



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to