zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Patrick Hunt <ph...@apache.org>
Subject Re: Problem specifying ACLs
Date Sun, 07 Feb 2016 04:05:57 GMT
Hi Bharath. I could be wrong, but I believe you are mis-interpreting
the permissions. Please see:

Note that create/delete apply to child nodes, not the node itself.

"DELETE: you can delete a child node"

I don't know what you've set for "/" though, so it's hard to say definitively.


On Sat, Feb 6, 2016 at 5:47 PM, Bharath Ravi Kumar <reachbach@gmail.com> wrote:
> Can someone please clarify if this is indeed a bug, or if my usage is
> incorrect? (I have *not* set zookeeper.skipACL to true).
> Thanks.
> On Sat, Feb 6, 2016 at 8:14 PM, Bharath Ravi Kumar <reachbach@gmail.com>
> wrote:
>> +dev
>> On 06-Feb-2016 3:48 pm, "Bharath Ravi Kumar" <reachbach@gmail.com> wrote:
>>> Hi,
>>> It appears that ACL's set through setAcl or create aren't being honoured.
>>> I  created a node through the zkCli as follows:
>>> create /apps apps_root
>>> digest:appsadmin:ukP2eoiopvSwCQaWSu3LI7qCLOQ=:crdwa,world:anyone:r
>>> I expect the above to have the effect of granting read (and list)
>>> permissions on /apps but to allow appsadmin to perform any action on the
>>> node. I verified that the ACL's had been set by running getAcl:
>>> getAcl /apps
>>> 'digest,'appsadmin:ukP2eoiopvSwCQaWSu3LI7qCLOQ=
>>> : cdrwa
>>> 'world,'anyone
>>> : r
>>> After creating the node, I exited the cli and launched it again, this
>>> time not executing addauth. As an anonymous user, I was able to get and
>>> list /apps, but not create a child node. However, I *could successfully*
>>> rmr /apps as an anon user, which  shouldn't be the case. I'm running zk
>>> 3.4.5 as standalone on OpenJDK 1.8 (tried with sun jdk 1.7 as well) on
>>> Ubuntu 14.04.  Can someone explain if this behaviour is expected?
>>> Thanks,
>>> Bharath

View raw message