Hi Patrick, Thanks for the response. Turns out it was an oversight at my end. I had assumed I had set world:anyone:r on "/" in the post-deployment script, but the command had failed to execute after a recent change. Once that was fixed, the rest of the acl setup worked just fine. My apologies for the oversight.
-Bharath On Sun, Feb 7, 2016 at 9:35 AM, Patrick Hunt <[email protected]> wrote: > Hi Bharath. I could be wrong, but I believe you are mis-interpreting > the permissions. Please see: > > http://zookeeper.apache.org/doc/r3.4.5/zookeeperProgrammers.html#sc_ACLPermissions > > Note that create/delete apply to child nodes, not the node itself. > > "DELETE: you can delete a child node" > > I don't know what you've set for "/" though, so it's hard to say > definitively. > > Patrick > > On Sat, Feb 6, 2016 at 5:47 PM, Bharath Ravi Kumar <[email protected]> > wrote: > > Can someone please clarify if this is indeed a bug, or if my usage is > > incorrect? (I have *not* set zookeeper.skipACL to true). > > > > Thanks. > > > > On Sat, Feb 6, 2016 at 8:14 PM, Bharath Ravi Kumar <[email protected]> > > wrote: > > > >> +dev > >> On 06-Feb-2016 3:48 pm, "Bharath Ravi Kumar" <[email protected]> > wrote: > >> > >>> Hi, > >>> > >>> It appears that ACL's set through setAcl or create aren't being > honoured. > >>> I created a node through the zkCli as follows: > >>> create /apps apps_root > >>> digest:appsadmin:ukP2eoiopvSwCQaWSu3LI7qCLOQ=:crdwa,world:anyone:r > >>> I expect the above to have the effect of granting read (and list) > >>> permissions on /apps but to allow appsadmin to perform any action on > the > >>> node. I verified that the ACL's had been set by running getAcl: > >>> > >>> getAcl /apps > >>> 'digest,'appsadmin:ukP2eoiopvSwCQaWSu3LI7qCLOQ= > >>> : cdrwa > >>> 'world,'anyone > >>> : r > >>> > >>> After creating the node, I exited the cli and launched it again, this > >>> time not executing addauth. As an anonymous user, I was able to get and > >>> list /apps, but not create a child node. However, I *could > successfully* > >>> rmr /apps as an anon user, which shouldn't be the case. I'm running zk > >>> 3.4.5 as standalone on OpenJDK 1.8 (tried with sun jdk 1.7 as well) on > >>> Ubuntu 14.04. Can someone explain if this behaviour is expected? > >>> > >>> Thanks, > >>> Bharath > >>> > >> >
