zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Patrick Hunt <ph...@apache.org>
Subject Re: sasl authentication is given to the user during create nodes, node deletion is happening with 'delete' cmd
Date Fri, 25 May 2012 00:18:13 GMT
When you created the znodes did you specify acls or just take the
defaults? (zkcli defaults are permissive), here's the create znode
code:

        List<ACL> acl = ZooDefs.Ids.OPEN_ACL_UNSAFE;
        if (args.length > 3) {
            acl = AclParser.parse(args[3]);
        }

Patrick

On Tue, May 22, 2012 at 3:49 AM, Rakesh R <rakeshr@huawei.com> wrote:
> Hi All,
>
> I'm trying to use the ZooKeeper sasl. Actually I'm a bit confused when using the delete
command.
>
> Say, I have created two znodes:
>
>  'app1' directly under '/' with hbase/host-10-18-40-40.hadoop.com@HADOOP.COM<mailto:hbase/host-10-18-40-40.hadoop.com@HADOOP.COM>
>  'app2' directly under '/' with hbase/host-10-18-40-40.hadoop.com@HADOOP.COM<mailto:hbase/host-10-18-40-40.hadoop.com@HADOOP.COM>
>
> Now, I have logged in as zkcli/host-10-18-40-40.hadoop.com@HADOOP.COM<mailto:zkcli/host-10-18-40-40.hadoop.com@HADOOP.COM>
and this is not given as super user. When I tried to delete the znodes '/app1' and '/app2',
it is allowing and not authenticating.
>
> Here, I'm thinking that 'zkcli' will not have the access to delete these two nodes.
>
> Is this a problem or anything I'm missing. Can you please help me to resolve this and
how the security can be applied here.
>
>
> Thanks,
> Rakesh

Mime
View raw message