[
https://issues.apache.org/jira/browse/ZOOKEEPER-424?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12997388#comment-12997388
]
Andrei Savu commented on ZOOKEEPER-424:
---------------------------------------
FYI the ZooKeeper rest server already supports this:
Sample config for a chrooted channel:
{code}
rest.port = 9998
rest.endpoint.1 = /channel;localhost:2181,localhost:2182,localhost:2183/app-root
rest.endpoint.1.http.auth = user:pass,user2:pass2
rest.endpoint.1.zk.digest = appuser:pass
{code}
You should also enable SSL because the browser sends the password as plain text
{code}
rest.ssl = true
rest.ssl.jks = keys/rest.jks
rest.ssl.jks.pass = 123456
{code}
> server side chroot enforcment - link to auth
> --------------------------------------------
>
> Key: ZOOKEEPER-424
> URL: https://issues.apache.org/jira/browse/ZOOKEEPER-424
> Project: ZooKeeper
> Issue Type: Improvement
> Components: server
> Reporter: Patrick Hunt
> Fix For: 3.4.0
>
>
> Allow the server administrator to enforce a particular root on specific
> authenticated users.
> ZOOKEEPER-237 implements the client side of this - the client can set a
> chroot, however this doesn't allow
> someone like an administrator to enforce the root.
> We should add the ability to the server to verify that all accesses are to a
> particular root.
> We currently have ACLs which provide essentially this, however there are a
> few small issues where root enforcement
> would be useful from server operator perspective.
--
This message is automatically generated by JIRA.
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
