Please check out the reconfig release document for 3.5.3 beta, in particular section "Access Control": https://zookeeper.apache.org/doc/r3.5.3-beta/zookeeperReconfig.html
*"The dynamic configuration is stored in a special znode ZooDefs.CONFIG_NODE = /zookeeper/config. This node by default is read only for all users, except super user and users that's explicitly configured for write access.* *Clients that need to use reconfig commands or reconfig API should be configured as users that have write access to CONFIG_NODE. By default, only the super user has full control including write access to CONFIG_NODE. Additional users can be granted write access through superuser by setting an ACL that has write permission associated with specified user.* *A few examples of how to setup ACLs and use reconfiguration API with authentication can be found in ReconfigExceptionTest.java and TestReconfigServer.cc."* This is the recommended approach. The "skipACL" approach is not recommended to use from a security perspective unless you don't care about access control and also running ensembles in a trusted environment. On Wed, Oct 31, 2018 at 12:00 PM bmugs <mugdhabondre9...@gmail.com> wrote: > Hi, > > We were also facing the same issue, this is how we resolved it: > > Before starting the ZK server, add the following to zkServer.sh - > "-Dzookeeper.skipACL=yes" > > This will skip the ACL authentication and you will be able to use reconfig > command. > Albeit this comes with a risk as you removes all authentication. > > Hope this helps! > > > > > -- > Sent from: http://zookeeper-user.578899.n2.nabble.com/ >
