[ https://issues.apache.org/jira/browse/KAFKA-3469?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15222093#comment-15222093 ]
Ashish K Singh edited comment on KAFKA-3469 at 4/1/16 6:17 PM:
---------------------------------------------------------------

[~fpj] Say a Kafka broker process was started by the admin user, admin. Now a user, foo, comes in and creates a topic, t1. The znode, {{/brokers/topics/t1}}, will be created with all ACLs for foo and read-only ACLs for everyone else. When the broker, running as admin, tries to create a partition or replica, it will fail to do so, as it does not have write perms on the created topic's znode, {{/brokers/topics/t1}}. Does this help?

I missed the discussion on using different credentials for admin tools. Could you point me to it or elaborate a bit?

was (Author: singhashish):
[~fpj] say a kafka broker process was started by admin user, admin. Now, a user, foo, comes in and creates a topic. The znodes will be created with all acls for foo and read only acls for everyone else. Now broker, running as admin, when tries to create a partition or replica will fail to do so as it does not have write perms on the created topic's znode. Does this help?

I missed the discussion on using different credentials for admin tools, could you point me to it or elaborate a bit.

> kafka-topics lock down znodes with user principal when zk security is enabled.
> ------------------------------------------------------------------------------
>
>                 Key: KAFKA-3469
>                 URL: https://issues.apache.org/jira/browse/KAFKA-3469
>             Project: Kafka
>          Issue Type: Bug
>            Reporter: Ashish K Singh
>            Assignee: Ashish K Singh
>
> In envs where ZK is kerberized, if a user, other than user running kafka
> processes, creates a topic, ZkUtils will lock down corresponding znodes for
> the user. Kafka will not be able to modify those znodes and that leaves the
> topic unusable.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
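The lockout described in the comment can be audited from ZooKeeper ACL listings. The following is an added example, not code from the Kafka project or from the comment's author: it parses text in the format printed by the ZooKeeper CLI `getAcl` command and reports topic znodes the broker principal cannot write to. It assumes the SASL ids appear as the short names `admin` and `foo` used in the comment; the `t2` znode and the ACL dump are constructed sample data.

```python
import re

# Permission letters printed by zkCli getAcl: c=create, d=delete, r=read, w=write, a=admin.
# The broker needs to set data (w) and create children (c) under a topic znode.
BROKER_NEEDS = {"w", "c"}

ENTRY = re.compile(r"'(?P<scheme>[^,]+),'(?P<id>.*)")

def parse_getacl(text):
    """Parse getAcl output into a list of (scheme, id, set-of-permission-letters)."""
    acl, pending = [], None
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY.fullmatch(line)
        if m:
            pending = (m["scheme"], m["id"])
        elif line.startswith(":") and pending:
            acl.append((*pending, set(line[1:].strip())))
            pending = None
    return acl

def can(principal, acl, needed):
    """True if the SASL principal is granted every permission in `needed`."""
    granted = set()
    for scheme, ident, perms in acl:
        # An entry applies if it is world:anyone or names this principal.
        if (scheme, ident) in (("world", "anyone"), ("sasl", principal)):
            granted |= perms
    return needed <= granted

def locked_out(broker_principal, dump):
    """Return the znode paths on which the broker lacks write/create rights."""
    return sorted(path for path, text in dump.items()
                  if not can(broker_principal, parse_getacl(text), BROKER_NEEDS))

# Constructed sample: t1 was created by foo (the case in the comment),
# t2 is a hypothetical topic created by the broker's own principal.
SAMPLE_DUMP = {
    "/brokers/topics/t1": "'sasl,'foo\n: cdrwa\n'world,'anyone\n: r\n",
    "/brokers/topics/t2": "'sasl,'admin\n: cdrwa\n'world,'anyone\n: r\n",
}

if __name__ == "__main__":
    for path in locked_out("admin", SAMPLE_DUMP):
        print("broker cannot modify:", path)
```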