zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Din Aubevie <din.zookee...@gmail.com>
Subject Re: A question about zkCli.sh, znodes and acl
Date Tue, 12 Jan 2016 17:54:35 GMT
Tyvm for your answer.

It helped a lot.

BR.

Din
Le 12 janv. 2016 18:10, "John Sirois" <john.sirois@gmail.com> a écrit :

> On Tue, Jan 12, 2016 at 9:54 AM, Din Aubevie <din.zookeeper@gmail.com>
> wrote:
>
> > Hello !
> >
> > I send you this mail because I'm encountering some problems with a znode
> in
> > zookeeper.
> > Trying to solve this problem, I tried to understand better the zookeeper
> > acl but I cannot find documentation about this.
> >
> > I mean, yes, there is this link :
> >
> http://zookeeper.apache.org/doc/trunk/zookeeperProgrammers.html#Data+Access
> >
> > But I was wondering if there was documentation about setting acl with
> zkCli
> > ?
> >
> > When I try to set an acl for a znode, like /oozie,
> > ###
> > setAcl /oozie world:anyone
> > ###
> >
> > I get the following error message :
> > ###
> > world:anyone does not have the form scheme:id:perm
> > Acl is not valid : /oozie
> > ###
> >
> > What is the right syntax for a zookeeper acl please ?
> >
>
> The perms in zkCli is a sequence of one or more characters, each character
> the 1st character of the perms described in the doc you linked above, so: c
> = CREATE, r = READ, d = DELETE, w = WRITE, a = ADMIN
>
> Using your example, the session below sets the ACL on /oozie such that
> world can only READ:
> [zk: localhost:2181(CONNECTED) 1] create /oozie ''
> Created /oozie
> [zk: localhost:2181(CONNECTED) 2] setAcl /oozie world:anyone:r
> cZxid = 0x2
> ctime = Tue Jan 12 09:58:15 MST 2016
> mZxid = 0x2
> mtime = Tue Jan 12 09:58:15 MST 2016
> pZxid = 0x2
> cversion = 0
> dataVersion = 0
> aclVersion = 1
> ephemeralOwner = 0x0
> dataLength = 2
> numChildren = 0
> [zk: localhost:2181(CONNECTED) 3] getAcl /oozie
> 'world,'anyone
> : r
>
>
> You might be interested in zk-shell [1] which is more helpful here (note
> that `help set_acls` below shows examples that use cdrwa:
> $ zk-shell
> Welcome to zk-shell (1.1.1)
> (DISCONNECTED) /> connect
>
> Wrong params: too few arguments, expected: hosts
>
> connect:
> NAME
>         connect - Connects to a host from a list of hosts given
>
> SYNOPSIS
>         connect <hosts>
>
> EXAMPLES
>         > connect host1:2181,host2:2181
>
>
> (DISCONNECTED) /> connect localhost:2181
> (CONNECTING) />
> (CONNECTED) /> ?
>
> Documented commands (type help <topic>):
> ========================================
> EOF            disconnect          history              pwd
> time
> add_auth       du                  ifind                quit
>  tree
> cd             dump                igrep                reconfig
>  txn
> check          echo                json_cat             reconnect
> watch
> child_count    edit                json_count_values    rm
>  zero
> child_matches  ephemeral_endpoint  json_dupes_for_keys  rmr
> child_watch    exists              json_get             session_endpoint
> chkzk          exit                json_valid           session_info
> conf           fill                loop                 set
> connect        find                ls                   set_acls
> cons           get                 man                  sleep
> cp             get_acls            mirror               stat
> create         grep                mntr                 summary
> diff           help                pipe                 sync
>
> (CONNECTED) /> help set_acls
>
> NAME
>         set_acls - Sets ACLs for a given path
>
> SYNOPSIS
>         set_acls <path> <acls> [recursive]
>
> OPTIONS
>         * recursive: recursively set the acls on the children
>
> EXAMPLES
>         > set_acls /some/path 'world:anyone:r
> digest:user:aRxISyaKnTP2+OZ9OmQLkq04bvo=:cdrwa'
>         > set_acls /some/path 'world:anyone:r
> username_password:user:p@ass0rd:cdrwa'
>         > set_acls /path 'world:anyone:r' true
>
> [1] https://github.com/rgs1/zk_shell
>
>
> > Best regards.
> >
> > Din.
> >
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message