Return-Path: X-Original-To: apmail-zookeeper-user-archive@www.apache.org Delivered-To: apmail-zookeeper-user-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id D89BCDBBF for ; Thu, 27 Dec 2012 16:31:26 +0000 (UTC) Received: (qmail 77777 invoked by uid 500); 27 Dec 2012 16:31:26 -0000 Delivered-To: apmail-zookeeper-user-archive@zookeeper.apache.org Received: (qmail 77744 invoked by uid 500); 27 Dec 2012 16:31:26 -0000 Mailing-List: contact user-help@zookeeper.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@zookeeper.apache.org Delivered-To: mailing list user@zookeeper.apache.org Received: (qmail 77728 invoked by uid 99); 27 Dec 2012 16:31:26 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 27 Dec 2012 16:31:26 +0000 X-ASF-Spam-Status: No, hits=1.5 required=5.0 tests=HTML_MESSAGE,RCVD_IN_DNSWL_LOW,SPF_PASS X-Spam-Check-By: apache.org Received-SPF: pass (nike.apache.org: domain of matt@nextdoor.com designates 209.85.220.51 as permitted sender) Received: from [209.85.220.51] (HELO mail-pa0-f51.google.com) (209.85.220.51) by apache.org (qpsmtpd/0.29) with ESMTP; Thu, 27 Dec 2012 16:31:16 +0000 Received: by mail-pa0-f51.google.com with SMTP id fb11so5557414pad.24 for ; Thu, 27 Dec 2012 08:30:53 -0800 (PST) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-received:from:content-type:subject:message-id:date:to :mime-version:x-mailer:x-gm-message-state; bh=lY4N4DzflU2yOMG2jOjzJZE1Qu1Kz9S46BYUtRW95f0=; b=jsI1bCVJE3reeCwXKvjzKBpKRWT7lUoeyXAsdEPV+Ya+YAutzLc+YImD0Om812zJSq 7BkO7bKBE5jk4es9X50EGiS7ZVgllJ0Grjdnl8fHMYZPG/DF0MtPksalP5nOkWQuacY1 KvQqFEMyOrO/UCj4Qput7wev7AkszuzKZLDyXvcIjl5YhJNhcoDRKIhaYx/MgNyUt9kk P0DBsAEzw08nraWWa6+3vK12Rpwqa6RdhVsa/R+TIVW00bdnVNPMDiNx5/mrLN+8WLIU 2RrrzPYFqDKvWZwQehAywmv/yHrD6TYwB6E3odnizlCAMCntVJ5wIcBxNjp+mXZkjJSC lwkg== X-Received: by 10.66.9.2 with SMTP id v2mr90890940paa.18.1356625853836; Thu, 27 Dec 2012 08:30:53 -0800 (PST) Received: from [10.0.1.23] ([207.86.65.86]) by mx.google.com with ESMTPS id ai8sm18053614pbd.14.2012.12.27.08.30.51 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 27 Dec 2012 08:30:52 -0800 (PST) From: Matt Wise Content-Type: multipart/alternative; boundary="Apple-Mail=_EB74A58F-901D-4E43-A3BC-93A43AE03D5F" Subject: ACLs Ephemeral Nodes? Message-Id: Date: Thu, 27 Dec 2012 08:30:48 -0800 To: "user@zookeeper.apache.org" Mime-Version: 1.0 (Mac OS X Mail 6.2 \(1499\)) X-Mailer: Apple Mail (2.1499) X-Gm-Message-State: ALoCoQlsBp+AZs2W1rkd5g1bpvAg724IelDs24rqoJqCq/CDvSENa8Opi4BtPt9ahzpHpkWfZrSx X-Virus-Checked: Checked by ClamAV on apache.org --Apple-Mail=_EB74A58F-901D-4E43-A3BC-93A43AE03D5F Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Is there a way to set an ACL for an ephemeral node so that it cannot be = deleted/modified by anybody other than the unique session ID that = created it? It seems like if I have the following path layout and I set = /servers so that its 'read only' to everyone, and a special digest auth = has access to create/delete/modify it, that auth also has access to = delete the nodes from it.=20 > /servers/server1:22 > /servers/server2:22 > /servers/server3:22 Ideally, I'd like to say that a client needs special credentials to = create a node in there (say: 'foo:bar').. but once that node is created, = no other session ID can delete or change that node. However, it seems = like the ability to delete a child node rests in the permissions of the = parent directory, rather than on that child node itself. Correct? --Matt --Apple-Mail=_EB74A58F-901D-4E43-A3BC-93A43AE03D5F--