On Tue, Jan 12, 2016 at 9:54 AM, Din Aubevie <[email protected]> wrote:
> Hello !
>
> I send you this mail because I'm encountering some problems with a znode in
> zookeeper.
> Trying to solve this problem, I tried to understand better the zookeeper
> acl but I cannot find documentation about this.
>
> I mean, yes, there is this link :
> http://zookeeper.apache.org/doc/trunk/zookeeperProgrammers.html#Data+Access
>
> But I was wondering if there was documentation about setting acl with zkCli
> ?
>
> When I try to set an acl for a znode, like /oozie,
> ###
> setAcl /oozie world:anyone
> ###
>
> I get the following error message :
> ###
> world:anyone does not have the form scheme:id:perm
> Acl is not valid : /oozie
> ###
>
> What is the right syntax for a zookeeper acl please ?
>

The perms in zkCli is a sequence of one or more characters, each
character the 1st character of the perms described in the doc you
linked above, so:

c = CREATE, r = READ, d = DELETE, w = WRITE, a = ADMIN

Using your example, the session below sets the ACL on /oozie such that
world can only READ:

[zk: localhost:2181(CONNECTED) 1] create /oozie ''
Created /oozie
[zk: localhost:2181(CONNECTED) 2] setAcl /oozie world:anyone:r
cZxid = 0x2
ctime = Tue Jan 12 09:58:15 MST 2016
mZxid = 0x2
mtime = Tue Jan 12 09:58:15 MST 2016
pZxid = 0x2
cversion = 0
dataVersion = 0
aclVersion = 1
ephemeralOwner = 0x0
dataLength = 2
numChildren = 0
[zk: localhost:2181(CONNECTED) 3] getAcl /oozie
'world,'anyone
: r

You might be interested in zk-shell [1] which is more helpful here
(note that `help set_acls` below shows examples that use cdrwa):

$ zk-shell
Welcome to zk-shell (1.1.1)
(DISCONNECTED) /> connect
Wrong params: too few arguments, expected: hosts

connect:
NAME
        connect - Connects to a host from a list of hosts given

SYNOPSIS
        connect <hosts>

EXAMPLES
        > connect host1:2181,host2:2181

(DISCONNECTED) /> connect localhost:2181
(CONNECTING) />
(CONNECTED) /> ?

Documented commands (type help <topic>):
========================================
EOF            disconnect          history              pwd               time
add_auth       du                  ifind                quit              tree
cd             dump                igrep                reconfig          txn
check          echo                json_cat             reconnect         watch
child_count    edit                json_count_values    rm                zero
child_matches  ephemeral_endpoint  json_dupes_for_keys  rmr
child_watch    exists              json_get             session_endpoint
chkzk          exit                json_valid           session_info
conf           fill                loop                 set
connect        find                ls                   set_acls
cons           get                 man                  sleep
cp             get_acls            mirror               stat
create         grep                mntr                 summary
diff           help                pipe                 sync

(CONNECTED) /> help set_acls
NAME
        set_acls - Sets ACLs for a given path

SYNOPSIS
        set_acls <path> <acls> [recursive]

OPTIONS
        * recursive: recursively set the acls on the children

EXAMPLES
        > set_acls /some/path 'world:anyone:r digest:user:aRxISyaKnTP2+OZ9OmQLkq04bvo=:cdrwa'
        > set_acls /some/path 'world:anyone:r username_password:user:p@ass0rd:cdrwa'
        > set_acls /path 'world:anyone:r' true

[1] https://github.com/rgs1/zk_shell

> Best regards.
>
> Din.
>
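
Added example, not part of the original thread and not code from ZooKeeper or zk-shell: a Python parser for the scheme:id:perm strings discussed above that maps the cdrwa letters to ZooKeeper's permission bits, builds a digest-scheme id from a username and password, and flags world:anyone entries that grant more than READ. The function names, the audit rule and the sample ACL list are assumptions made for this example.

```python
import base64
import hashlib

# ZooKeeper permission bits (ZooDefs.Perms), keyed by the zkCli letter.
PERM_BITS = {"r": 1, "w": 2, "c": 4, "d": 8, "a": 16}


def digest_id(user, password):
    """Build the id for the digest scheme: user:base64(sha1("user:password"))."""
    raw = hashlib.sha1(f"{user}:{password}".encode()).digest()
    return f"{user}:{base64.b64encode(raw).decode()}"


def parse_acl(acl):
    """Parse one scheme:id:perm string into (scheme, id, permission bitmask)."""
    # Split on the first and last colon so a digest id (user:hash) stays whole.
    first, last = acl.find(":"), acl.rfind(":")
    if first == -1 or first == last:
        raise ValueError(f"{acl} does not have the form scheme:id:perm")
    scheme, ident, perms = acl[:first], acl[first + 1:last], acl[last + 1:]
    if not scheme or not ident or not perms:
        raise ValueError(f"{acl} has an empty scheme, id or perm")
    mask = 0
    for ch in perms:
        if ch not in PERM_BITS:
            raise ValueError(f"unknown permission letter {ch!r} in {acl}")
        mask |= PERM_BITS[ch]
    return scheme, ident, mask


def audit(acls):
    """Return findings for ACL entries that let everyone modify the znode."""
    findings = []
    for acl in acls:
        scheme, ident, mask = parse_acl(acl)
        if (scheme, ident) == ("world", "anyone") and mask & ~PERM_BITS["r"]:
            extra = "".join(c for c in "cdwa" if mask & PERM_BITS[c])
            findings.append(f"{acl}: world:anyone holds more than READ ({extra})")
    return findings


if __name__ == "__main__":
    # Constructed sample ACL list; the digest id is derived from a sample password.
    sample = ["world:anyone:r", f"digest:{digest_id('user', 'p@ass0rd')}:cdrwa",
              "world:anyone:cdrwa"]
    for acl in sample:
        print(acl, "->", parse_acl(acl))
    print(audit(sample))
```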
