Tyvm for your answer. It helped a lot.
BR. Din Le 12 janv. 2016 18:10, "John Sirois" <[email protected]> a écrit : > On Tue, Jan 12, 2016 at 9:54 AM, Din Aubevie <[email protected]> > wrote: > > > Hello ! > > > > I send you this mail because I'm encountering some problems with a znode > in > > zookeeper. > > Trying to solve this problem, I tried to understand better the zookeeper > > acl but I cannot find documentation about this. > > > > I mean, yes, there is this link : > > > http://zookeeper.apache.org/doc/trunk/zookeeperProgrammers.html#Data+Access > > > > But I was wondering if there was documentation about setting acl with > zkCli > > ? > > > > When I try to set an acl for a znode, like /oozie, > > ### > > setAcl /oozie world:anyone > > ### > > > > I get the following error message : > > ### > > world:anyone does not have the form scheme:id:perm > > Acl is not valid : /oozie > > ### > > > > What is the right syntax for a zookeeper acl please ? > > > > The perms in zkCli is a sequence of one or more characters, each character > the 1st character of the perms described in the doc you linked above, so: c > = CREATE, r = READ, d = DELETE, w = WRITE, a = ADMIN > > Using your example, the session below sets the ACL on /oozie such that > world can only READ: > [zk: localhost:2181(CONNECTED) 1] create /oozie '' > Created /oozie > [zk: localhost:2181(CONNECTED) 2] setAcl /oozie world:anyone:r > cZxid = 0x2 > ctime = Tue Jan 12 09:58:15 MST 2016 > mZxid = 0x2 > mtime = Tue Jan 12 09:58:15 MST 2016 > pZxid = 0x2 > cversion = 0 > dataVersion = 0 > aclVersion = 1 > ephemeralOwner = 0x0 > dataLength = 2 > numChildren = 0 > [zk: localhost:2181(CONNECTED) 3] getAcl /oozie > 'world,'anyone > : r > > > You might be interested in zk-shell [1] which is more helpful here (note > that `help set_acls` below shows examples that use cdrwa: > $ zk-shell > Welcome to zk-shell (1.1.1) > (DISCONNECTED) /> connect > > Wrong params: too few arguments, expected: hosts > > connect: > NAME > connect - Connects to a host from a list of hosts given > > SYNOPSIS > connect <hosts> > > EXAMPLES > > connect host1:2181,host2:2181 > > > (DISCONNECTED) /> connect localhost:2181 > (CONNECTING) /> > (CONNECTED) /> ? > > Documented commands (type help <topic>): > ======================================== > EOF disconnect history pwd > time > add_auth du ifind quit > tree > cd dump igrep reconfig > txn > check echo json_cat reconnect > watch > child_count edit json_count_values rm > zero > child_matches ephemeral_endpoint json_dupes_for_keys rmr > child_watch exists json_get session_endpoint > chkzk exit json_valid session_info > conf fill loop set > connect find ls set_acls > cons get man sleep > cp get_acls mirror stat > create grep mntr summary > diff help pipe sync > > (CONNECTED) /> help set_acls > > NAME > set_acls - Sets ACLs for a given path > > SYNOPSIS > set_acls <path> <acls> [recursive] > > OPTIONS > * recursive: recursively set the acls on the children > > EXAMPLES > > set_acls /some/path 'world:anyone:r > digest:user:aRxISyaKnTP2+OZ9OmQLkq04bvo=:cdrwa' > > set_acls /some/path 'world:anyone:r > username_password:user:p@ass0rd:cdrwa' > > set_acls /path 'world:anyone:r' true > > [1] https://github.com/rgs1/zk_shell > > > > Best regards. > > > > Din. > > >
