Good question. You can set acls on the root. There is a minor bug related
to it (though its easy to get around it).
The jira is
The bug is that ZooKeeper does not allow you to do a get acl on the root if
it has not been set. You will still be able to set acl on the root and then
do a getacl with the right auth but just that a get acl on a raw root node
without any acl's being set by admin/user fails.
Hope that helps
On 6/17/09 12:56 AM, "David Graf" <david.g...@28msec.com> wrote:
> Thanks a lot for the answers!
> Due to the fact that I am running my ZooKeeper servers and clients on
> Amazon EC2 instances, using the ec2 Security Groups might be the best
> Nevertheless, I have a question concerning the authentification on the
> znode level. How is it possible to prevent clients creating node on
> the root level? Is it also possible to set an ACL on the root
> (although the root is not created by a client)?