AddAuth sets the authorization value for the current connection. It's the client-side portion
of the ACL spec. What you want is "setAcl".
setAcl [-s] [-v version] path acl
-Jordan
> On Feb 8, 2017, at 1:52 PM, Megha Sharma <megha.hitesh.kapil@gmail.com> wrote:
>
> Thanks Jordan
> That was my understanding as well, wanted to make sure that setting acls
> doesn't need zkServer restart. The way I am setting the acls could be
> faulty then, I am trying to set the acl ZOO_AUTH_IDS and
> ZOO_READ_ACL_UNSAFE using zkCli. According to zookeeper doc, ZOO_AUTH_IDS
> translates to (‘auth’,’’) and empty identity string should be interpreted
> as “the identity of the creator”. I have tried both empty identity string
> (2) and with credentials (1) with zkCli and I am not sure which is the
> correct way of achieving ZOO_AUTH_IDS.
>
>
> 1) addauth digest user:pwd
> setAcl /mesos world:anyone:r,auth::crdwa
>
> 2) addauth digest user:pwd
> setAcl /mesos world:anyone:r,auth:user:pwd:cdrwa
>
> Thanks
> Megha
>
>
> On Wed, Feb 8, 2017 at 7:27 AM, Jordan Zimmerman <jordan@jordanzimmerman.com
>> wrote:
>
>>> I have been trying to set acls with zkCli and it seems like the acls
>> don’t
>>> take effect until all the zkServers are restarted. Do the acls need
>>> zkServer restart?
>>
>> No. ACL changes take effect immediately. It's a ZNode modification like
>> any other. Do you have an example of the problem?
>>
>> -Jordan
|