zookeeper-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jordan Zimmerman <jor...@jordanzimmerman.com>
Subject Re: Setting acls in Zookeeper
Date Wed, 08 Feb 2017 20:03:07 GMT
AddAuth sets the authorization value for the current connection. It's the client-side portion
of the ACL spec. What you want is "setAcl".

	setAcl [-s] [-v version] path acl

-Jordan

> On Feb 8, 2017, at 1:52 PM, Megha Sharma <megha.hitesh.kapil@gmail.com> wrote:
> 
> Thanks Jordan
> That was my understanding as well, wanted to make sure that setting acls
> doesn't need zkServer restart. The way I am setting the acls could be
> faulty then, I am trying to set the acl ZOO_AUTH_IDS and
> ZOO_READ_ACL_UNSAFE using zkCli. According to zookeeper doc, ZOO_AUTH_IDS
> translates to (‘auth’,’’) and empty identity string should be interpreted
> as “the identity of the creator”. I have tried both empty identity string
> (2) and with credentials (1) with zkCli and I am not sure which is the
> correct way of achieving ZOO_AUTH_IDS.
> 
> 
> 1) addauth digest user:pwd
>    setAcl /mesos world:anyone:r,auth::crdwa
> 
> 2) addauth digest user:pwd
>    setAcl /mesos world:anyone:r,auth:user:pwd:cdrwa
> 
> Thanks
> Megha
> 
> 
> On Wed, Feb 8, 2017 at 7:27 AM, Jordan Zimmerman <jordan@jordanzimmerman.com
>> wrote:
> 
>>> I have been trying to set acls with zkCli and it seems like the acls
>> don’t
>>> take effect until all the zkServers are restarted. Do the acls need
>>> zkServer restart?
>> 
>> No. ACL changes take effect immediately. It's a ZNode modification like
>> any other. Do you have an example of the problem?
>> 
>> -Jordan


Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message