General Question about Zookeeper

2009-06-25 Thread Harold Lim
Hi All, How does zookeeper store data/files? From reading the doc, the clients can put ACL on files/znodes to limit read/write/create of other clients. However, I was wondering how are these znodes stored on Zookeeper servers? I am interested in a security aspect of zookeeper, where the

Re: General Question about Zookeeper

2009-06-25 Thread Gustavo Niemeyer
Hey Harold, I am interested in a security aspect of zookeeper, where the clients and the servers don't necessarily belong to the same group. If a client creates a znode in the zookeeper? Can the person, who owns the zookeeper server, simply look at its filesystem and read the data

Re: General Question about Zookeeper

2009-06-25 Thread Henry Robinson
Hi Harold, Each ZooKeeper server stores updates to znodes in logfiles, and periodic snapshots of the state of the datatree in snapshot files. A user who has the same permissions as the server will be able to read these files, and can therefore recover the state of the datatree without the ZK

Re: General Question about Zookeeper

2009-06-25 Thread Harold Lim
Hi Gustavo, Actually, in my case, we have a fully decentralized service. Something like where you have users in a social network. Originally, we were thinking of using a distributed consensus algorithm (e.g., Paxos) to perform some functionalities (e.g., leader election). Then, I read about

Re: General Question about Zookeeper

2009-06-25 Thread Harold Lim
Hi Henry, Does that mean for example, if I own the Zookeeper server and physical machine and have lots of clients using this Zookeeper server, I can simply look at the logfiles and snapshot files and see all of the information created by those clients? Thanks, Harold --- On Thu, 6/25/09,

Re: General Question about Zookeeper

2009-06-25 Thread Mahadev Konar
Hi Harold, As Henry mentioned, what acl's provide you is preventing access to znodes. If someone has access to zookeeper's data stored on zookeeper's server machines, they should be able to resconstruct the data and read it (using zookeeper deserialization code). I am not sure what kind of

Re: General Question about Zookeeper

2009-06-25 Thread Mahadev Konar
Hi Harold, Let me explain the whole concept of ZooKeeper Acls. 1) Zookeeper servers are run using some user id say X 2) zookeeper client use ZooKeeper client libaryr to create zookeeper nodes on zookeeper servers. They could be running as user id C. They can provide acl's to create such nodes

Re: General Question about Zookeeper

2009-06-25 Thread Harold Lim
Thanks. That makes sense. -Harold --- On Thu, 6/25/09, Mahadev Konar maha...@yahoo-inc.com wrote: From: Mahadev Konar maha...@yahoo-inc.com Subject: Re: General Question about Zookeeper To: zookeeper-user@hadoop.apache.org Date: Thursday, June 25, 2009, 2:29 PM Hi Harold,   Let me