Hi David, Good question. You can set acls on the root. There is a minor bug related to it (though its easy to get around it).
The jira is http://issues.apache.org/jira/browse/ZOOKEEPER-433 The bug is that ZooKeeper does not allow you to do a get acl on the root if it has not been set. You will still be able to set acl on the root and then do a getacl with the right auth but just that a get acl on a raw root node without any acl's being set by admin/user fails. Hope that helps mahadev On 6/17/09 12:56 AM, "David Graf" <david.g...@28msec.com> wrote: > Hello > > Thanks a lot for the answers! > > Due to the fact that I am running my ZooKeeper servers and clients on > Amazon EC2 instances, using the ec2 Security Groups might be the best > choice. > > Nevertheless, I have a question concerning the authentification on the > znode level. How is it possible to prevent clients creating node on > the root level? Is it also possible to set an ACL on the root > (although the root is not created by a client)? > > David