Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id B7D57200C15 for ; Wed, 8 Feb 2017 21:03:15 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id B66A0160B5A; Wed, 8 Feb 2017 20:03:15 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 09678160B49 for ; Wed, 8 Feb 2017 21:03:14 +0100 (CET) Received: (qmail 22821 invoked by uid 500); 8 Feb 2017 20:03:13 -0000 Mailing-List: contact user-help@zookeeper.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: user@zookeeper.apache.org Delivered-To: mailing list user@zookeeper.apache.org Received: (qmail 22809 invoked by uid 99); 8 Feb 2017 20:03:13 -0000 Received: from pnap-us-west-generic-nat.apache.org (HELO spamd1-us-west.apache.org) (209.188.14.142) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 08 Feb 2017 20:03:13 +0000 Received: from localhost (localhost [127.0.0.1]) by spamd1-us-west.apache.org (ASF Mail Server at spamd1-us-west.apache.org) with ESMTP id 064F2C0D1A for ; Wed, 8 Feb 2017 20:03:13 +0000 (UTC) X-Virus-Scanned: Debian amavisd-new at spamd1-us-west.apache.org X-Spam-Flag: NO X-Spam-Score: 2.499 X-Spam-Level: ** X-Spam-Status: No, score=2.499 tagged_above=-999 required=6.31 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, HTML_MESSAGE=2, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_SORBS_SPAM=0.5] autolearn=disabled Authentication-Results: spamd1-us-west.apache.org (amavisd-new); dkim=pass (2048-bit key) header.d=jordanzimmerman-com.20150623.gappssmtp.com Received: from mx1-lw-us.apache.org ([10.40.0.8]) by localhost (spamd1-us-west.apache.org [10.40.0.7]) (amavisd-new, port 10024) with ESMTP id KbO3QOxczKoR for ; Wed, 8 Feb 2017 20:03:11 +0000 (UTC) Received: from mail-vk0-f48.google.com (mail-vk0-f48.google.com [209.85.213.48]) by mx1-lw-us.apache.org (ASF Mail Server at mx1-lw-us.apache.org) with ESMTPS id 5A2535F298 for ; Wed, 8 Feb 2017 20:03:11 +0000 (UTC) Received: by mail-vk0-f48.google.com with SMTP id r136so109083083vke.1 for ; Wed, 08 Feb 2017 12:03:11 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jordanzimmerman-com.20150623.gappssmtp.com; s=20150623; h=from:mime-version:subject:date:references:to:in-reply-to:message-id; bh=cmIxWDxH7Sh+k191MQc92ZeejPzNTfhB50abunVE6U4=; b=jihs8TkBewfVCOREpicgbzPucexUAJVEeTlhUhaa/UPs8AfQOxbTK6o8v0DrhoNhyj 0tdaZrkNG/kAsiQCMc/qTniXpAOXvwLTu8hT8455xoHFkm0LwChiLLuqhOqJlFMhrEC0 ngC66su6sXY6sc/fpieoxkQ7CEy+d/KUAr+FiIpGxup1nYIRaijzLsfehdSfQSrf85Ph ZEcTeubhfkfOA/LcPVkcsxKjOuQy0w/q6hGPDQWePMqJt95sgufb/WR6Yo502Q68+7k+ Pl4JI1qeVTd6ndBlDYMUWW1Hhcb4oFMb7JK4bgs+khqGS3BuHicFdYIxS8QBt/x8Hk6C xm2A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:mime-version:subject:date:references:to :in-reply-to:message-id; bh=cmIxWDxH7Sh+k191MQc92ZeejPzNTfhB50abunVE6U4=; b=BmKUhGrQT4B8k9a1vdlD87LClmBCO5623YzSNZYacHn88wLaWHAZA1p6PiK3nCzhDC AQLS2AXzHJb0NJkBrD7Az6n5VDMpuAjv92I6bpTaQdFq7URHpdMzm/9C+GJP/O9WHmMy K5P2wk4QDnpwiIq5CHoVCgccfXmcQ/AsWhb+CSiyqQCGyg694PxtjXpmdutohCm2h7wm K4W7Ys7dkCzhFwSYbDjpz52Jsj2ZMe+vGK3r6WhBQd49s51w6tAbJDW0w9N5Mln4VV6c J9115ZQV6Eg3OHUVTiNPiUcJPReUv+JmLmsL7BZ25Cra/XAi5bBliA4JNnLiaexxGS1A SrDQ== X-Gm-Message-State: AMke39nbQ9qZ74BusulR7lBd0m0PfgrXATWiga9sTdGAmUZInftcLPYwgn4Rw2gjLNKo7A== X-Received: by 10.31.96.200 with SMTP id u191mr11197681vkb.53.1486584190548; Wed, 08 Feb 2017 12:03:10 -0800 (PST) Received: from [10.0.1.86] ([186.75.71.9]) by smtp.gmail.com with ESMTPSA id y7sm3180904vky.16.2017.02.08.12.03.09 for (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 08 Feb 2017 12:03:09 -0800 (PST) From: Jordan Zimmerman Content-Type: multipart/alternative; boundary="Apple-Mail=_49B54455-2AED-4125-9027-F1E810EB3612" Mime-Version: 1.0 (Mac OS X Mail 10.2 \(3259\)) Subject: Re: Setting acls in Zookeeper Date: Wed, 8 Feb 2017 15:03:07 -0500 References: <737C3389-AFEE-451E-BA20-5E363C4978B3@jordanzimmerman.com> To: user@zookeeper.apache.org In-Reply-To: Message-Id: <0F37F0F7-B4DA-4A8B-93F4-32F139C7DFB5@jordanzimmerman.com> X-Mailer: Apple Mail (2.3259) archived-at: Wed, 08 Feb 2017 20:03:15 -0000 --Apple-Mail=_49B54455-2AED-4125-9027-F1E810EB3612 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 AddAuth sets the authorization value for the current connection. It's = the client-side portion of the ACL spec. What you want is "setAcl". setAcl [-s] [-v version] path acl -Jordan > On Feb 8, 2017, at 1:52 PM, Megha Sharma = wrote: >=20 > Thanks Jordan > That was my understanding as well, wanted to make sure that setting = acls > doesn't need zkServer restart. The way I am setting the acls could be > faulty then, I am trying to set the acl ZOO_AUTH_IDS and > ZOO_READ_ACL_UNSAFE using zkCli. According to zookeeper doc, = ZOO_AUTH_IDS > translates to (=E2=80=98auth=E2=80=99,=E2=80=99=E2=80=99) and empty = identity string should be interpreted > as =E2=80=9Cthe identity of the creator=E2=80=9D. I have tried both = empty identity string > (2) and with credentials (1) with zkCli and I am not sure which is the > correct way of achieving ZOO_AUTH_IDS. >=20 >=20 > 1) addauth digest user:pwd > setAcl /mesos world:anyone:r,auth::crdwa >=20 > 2) addauth digest user:pwd > setAcl /mesos world:anyone:r,auth:user:pwd:cdrwa >=20 > Thanks > Megha >=20 >=20 > On Wed, Feb 8, 2017 at 7:27 AM, Jordan Zimmerman = > wrote: >=20 >>> I have been trying to set acls with zkCli and it seems like the acls >> don=E2=80=99t >>> take effect until all the zkServers are restarted. Do the acls need >>> zkServer restart? >>=20 >> No. ACL changes take effect immediately. It's a ZNode modification = like >> any other. Do you have an example of the problem? >>=20 >> -Jordan --Apple-Mail=_49B54455-2AED-4125-9027-F1E810EB3612--