I just recently started playing with ACLs and have managed to create a ZNode that cannot be deleted or modified. Here is the sequence of events using zkCli.sh:
[zk: host:2181(CONNECTED) 0] create /test2 "" Created /test2 [zk: host:2181(CONNECTED) 1] getAcl /test2 'world,'anyone : cdrwa [zk: host:2181(CONNECTED) 2] setAcl /test2 digest:test:test:cdrwa cZxid = 0x1a00b64ca2 ctime = Wed Mar 04 10:21:41 MST 2015 mZxid = 0x1a00b64ca2 mtime = Wed Mar 04 10:21:41 MST 2015 pZxid = 0x1a00b64ca2 cversion = 0 dataVersion = 0 aclVersion = 1 ephemeralOwner = 0x0 dataLength = 2 numChildren = 0 [zk: dsearchpr001:2181(CONNECTED) 3] ls /test2 Authentication is not valid : /test2 Even after calling addauth, I am unable to modify or read the node: [zk: dsearchpr001:2181(CONNECTED) 4] addauth digest test:test [zk: dsearchpr001:2181(CONNECTED) 5] ls /test2 Authentication is not valid : /test2 I havent tried super digest yet because it's disabled and I dont want to have to bounce our cluster just to delete a test node. This is with ZK 3.4.6. Is this by design? It does work when I provide the Base64 encoded password (generated using the provided digest tool), but it seems like ZK should be a little more resilient to getting into this state. Thanks, Mike
