Re: General Question about Zookeeper

2009-06-25 Thread Gustavo Niemeyer
Hey Harold, I am interested in a security aspect of zookeeper, where the clients and the servers don't necessarily belong to the same group. If a client creates a znode in the zookeeper? Can the person, who owns the zookeeper server, simply look at its filesystem and read the data

Re: General Question about Zookeeper

2009-06-25 Thread Henry Robinson
Hi Harold, Each ZooKeeper server stores updates to znodes in logfiles, and periodic snapshots of the state of the datatree in snapshot files. A user who has the same permissions as the server will be able to read these files, and can therefore recover the state of the datatree without the ZK

Re: General Question about Zookeeper

2009-06-25 Thread Harold Lim
to ZooKeeper, without breaking the original privacy/security motivation. -Harold --- On Thu, 6/25/09, Gustavo Niemeyer gust...@niemeyer.net wrote: From: Gustavo Niemeyer gust...@niemeyer.net Subject: Re: General Question about Zookeeper To: zookeeper-user@hadoop.apache.org Date: Thursday, June 25

Re: General Question about Zookeeper

2009-06-25 Thread Harold Lim
, Henry Robinson he...@cloudera.com wrote: From: Henry Robinson he...@cloudera.com Subject: Re: General Question about Zookeeper To: zookeeper-user@hadoop.apache.org Date: Thursday, June 25, 2009, 2:01 PM Hi Harold, Each ZooKeeper server stores updates to znodes in logfiles, and periodic

Re: General Question about Zookeeper

2009-06-25 Thread Mahadev Konar
Hi Harold, As Henry mentioned, what acl's provide you is preventing access to znodes. If someone has access to zookeeper's data stored on zookeeper's server machines, they should be able to resconstruct the data and read it (using zookeeper deserialization code). I am not sure what kind of

Re: General Question about Zookeeper

2009-06-25 Thread Mahadev Konar
look at the logfiles and snapshot files and see all of the information created by those clients? Thanks, Harold --- On Thu, 6/25/09, Henry Robinson he...@cloudera.com wrote: From: Henry Robinson he...@cloudera.com Subject: Re: General Question about Zookeeper To: zookeeper-user

Re: General Question about Zookeeper

2009-06-25 Thread Harold Lim
Thanks. That makes sense. -Harold --- On Thu, 6/25/09, Mahadev Konar maha...@yahoo-inc.com wrote: From: Mahadev Konar maha...@yahoo-inc.com Subject: Re: General Question about Zookeeper To: zookeeper-user@hadoop.apache.org Date: Thursday, June 25, 2009, 2:29 PM Hi Harold,   Let me