zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From John Sirois <john.sir...@gmail.com>
Subject Re: A question about zkCli.sh, znodes and acl
Date Tue, 12 Jan 2016 17:10:22 GMT
On Tue, Jan 12, 2016 at 9:54 AM, Din Aubevie <din.zookeeper@gmail.com>
wrote:

> Hello !
>
> I send you this mail because I'm encountering some problems with a znode in
> zookeeper.
> Trying to solve this problem, I tried to understand better the zookeeper
> acl but I cannot find documentation about this.
>
> I mean, yes, there is this link :
> http://zookeeper.apache.org/doc/trunk/zookeeperProgrammers.html#Data+Access
>
> But I was wondering if there was documentation about setting acl with zkCli
> ?
>
> When I try to set an acl for a znode, like /oozie,
> ###
> setAcl /oozie world:anyone
> ###
>
> I get the following error message :
> ###
> world:anyone does not have the form scheme:id:perm
> Acl is not valid : /oozie
> ###
>
> What is the right syntax for a zookeeper acl please ?
>

The perms in zkCli is a sequence of one or more characters, each character
the 1st character of the perms described in the doc you linked above, so: c
= CREATE, r = READ, d = DELETE, w = WRITE, a = ADMIN

Using your example, the session below sets the ACL on /oozie such that
world can only READ:
[zk: localhost:2181(CONNECTED) 1] create /oozie ''
Created /oozie
[zk: localhost:2181(CONNECTED) 2] setAcl /oozie world:anyone:r
cZxid = 0x2
ctime = Tue Jan 12 09:58:15 MST 2016
mZxid = 0x2
mtime = Tue Jan 12 09:58:15 MST 2016
pZxid = 0x2
cversion = 0
dataVersion = 0
aclVersion = 1
ephemeralOwner = 0x0
dataLength = 2
numChildren = 0
[zk: localhost:2181(CONNECTED) 3] getAcl /oozie
'world,'anyone
: r


You might be interested in zk-shell [1] which is more helpful here (note
that `help set_acls` below shows examples that use cdrwa:
$ zk-shell
Welcome to zk-shell (1.1.1)
(DISCONNECTED) /> connect

Wrong params: too few arguments, expected: hosts

connect:
NAME
        connect - Connects to a host from a list of hosts given

SYNOPSIS
        connect <hosts>

EXAMPLES
        > connect host1:2181,host2:2181


(DISCONNECTED) /> connect localhost:2181
(CONNECTING) />
(CONNECTED) /> ?

Documented commands (type help <topic>):
========================================
EOF            disconnect          history              pwd
time
add_auth       du                  ifind                quit
 tree
cd             dump                igrep                reconfig
 txn
check          echo                json_cat             reconnect
watch
child_count    edit                json_count_values    rm
 zero
child_matches  ephemeral_endpoint  json_dupes_for_keys  rmr
child_watch    exists              json_get             session_endpoint
chkzk          exit                json_valid           session_info
conf           fill                loop                 set
connect        find                ls                   set_acls
cons           get                 man                  sleep
cp             get_acls            mirror               stat
create         grep                mntr                 summary
diff           help                pipe                 sync

(CONNECTED) /> help set_acls

NAME
        set_acls - Sets ACLs for a given path

SYNOPSIS
        set_acls <path> <acls> [recursive]

OPTIONS
        * recursive: recursively set the acls on the children

EXAMPLES
        > set_acls /some/path 'world:anyone:r
digest:user:aRxISyaKnTP2+OZ9OmQLkq04bvo=:cdrwa'
        > set_acls /some/path 'world:anyone:r
username_password:user:p@ass0rd:cdrwa'
        > set_acls /path 'world:anyone:r' true

[1] https://github.com/rgs1/zk_shell


> Best regards.
>
> Din.
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message