Return-Path: 
 <zookeeper-user-return-2345-apmail-hadoop-zookeeper-user-archive=hadoop.apache.org@hadoop.apache.org>
Delivered-To: apmail-hadoop-zookeeper-user-archive@minotaur.apache.org
Received: (qmail 83118 invoked from network); 20 Oct 2010 18:08:55 -0000
Received: from unknown (HELO mail.apache.org) (140.211.11.3)
  by 140.211.11.9 with SMTP; 20 Oct 2010 18:08:55 -0000
Received: (qmail 86850 invoked by uid 500); 20 Oct 2010 18:08:55 -0000
Delivered-To: apmail-hadoop-zookeeper-user-archive@hadoop.apache.org
Received: (qmail 86813 invoked by uid 500); 20 Oct 2010 18:08:55 -0000
Mailing-List: contact zookeeper-user-help@hadoop.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:zookeeper-user-help@hadoop.apache.org>
List-Unsubscribe: <mailto:zookeeper-user-unsubscribe@hadoop.apache.org>
List-Post: <mailto:zookeeper-user@hadoop.apache.org>
List-Id: <zookeeper-user.hadoop.apache.org>
Reply-To: zookeeper-user@hadoop.apache.org
Delivered-To: mailing list zookeeper-user@hadoop.apache.org
Received: (qmail 86805 invoked by uid 99); 20 Oct 2010 18:08:55 -0000
Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 20 Oct 2010 18:08:55 +0000
X-ASF-Spam-Status: No, hits=-1997.8 required=10.0
	tests=ALL_TRUSTED,HTML_MESSAGE,T_RP_MATCHES_RCVD
X-Spam-Check-By: apache.org
Received: from [140.211.11.9] (HELO minotaur.apache.org) (140.211.11.9)
    by apache.org (qpsmtpd/0.29) with SMTP; Wed, 20 Oct 2010 18:08:54 +0000
Received: (qmail 83039 invoked by uid 99); 20 Oct 2010 18:08:34 -0000
Received: from localhost.apache.org (HELO mail-ww0-f48.google.com) (127.0.0.1)
  (smtp-auth username phunt, mechanism plain)
  by minotaur.apache.org (qpsmtpd/0.29) with ESMTP;
 Wed, 20 Oct 2010 18:08:34 +0000
Received: by wwb18 with SMTP id 18so3023696wwb.29
        for <zookeeper-user@hadoop.apache.org>;
 Wed, 20 Oct 2010 11:08:32 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.227.129.7 with SMTP id m7mr8325415wbs.44.1287598106909; Wed,
 20 Oct 2010 11:08:26 -0700 (PDT)
Received: by 10.227.144.15 with HTTP; Wed, 20 Oct 2010 11:08:26 -0700 (PDT)
In-Reply-To: 
 <69D3016305F9084FBD2C4A0DF189BD5C16B2581A30@GSCMAMP02EX.firmwide.corp.gs.com>
References: 
 <69D3016305F9084FBD2C4A0DF189BD5C16B2581A30@GSCMAMP02EX.firmwide.corp.gs.com>
Date: Wed, 20 Oct 2010 11:08:26 -0700
Message-ID: <AANLkTikso21OtT5ezDOKB=7a42mHnEP928=jEFYpW2=i@mail.gmail.com>
Subject: Re: Digest user ACL check failing
From: Patrick Hunt <phunt@apache.org>
To: zookeeper-user@hadoop.apache.org
Content-Type: multipart/alternative; boundary=001636498d0dc69d450493104b91

--001636498d0dc69d450493104b91
Content-Type: text/plain; charset=ISO-8859-1

Sounds like it might be a bug, was this just for the root or for any znode?
Please file a JIRA, thanks.

Patrick

On Tue, Oct 19, 2010 at 1:01 PM, Fournier, Camille F. [Tech] <
Camille.Fournier@gs.com> wrote:

> The ZK documentation says:
> New in 3.2: Enables a ZooKeeper ensemble administrator to access the znode
> hierarchy as a "super" user. In particular no ACL checking occurs for a user
> authenticated as super.
>
> However, in some testing today I created a digest user, logged in as this
> user, set the ACLs for "/" to Ids.READ_ACL_UNSAFE, and now even when I am
> logged in as the superuser, I cannot actually change this ACL or write nodes
> below it on the tree. So it does not actually seem to be the case that
> "super" skips ACL checks. Is this a bug or a feature?
>
> Thanks,
> Camille
>
>
>

--001636498d0dc69d450493104b91--