Each ZooKeeper server stores updates to znodes in logfiles, and periodic
snapshots of the state of the datatree in snapshot files.
A user who has the same permissions as the server will be able to read these
files, and can therefore recover the state of the datatree without the ZK
server intervening. ACLs are applied only by the server; there is no
filesystem-level representation of them.
On Thu, Jun 25, 2009 at 6:48 PM, Harold Lim <rold...@yahoo.com> wrote:
> Hi All,
> How does zookeeper store data/files?
> From reading the doc, the clients can put ACL on files/znodes to limit
> read/write/create of other clients. However, I was wondering how are these
> znodes stored on Zookeeper servers?
> I am interested in a security aspect of zookeeper, where the clients and
> the servers don't necessarily belong to the same "group". If a client
> creates a znode in the zookeeper? Can the person, who owns the zookeeper
> server, simply look at its filesystem and read the data (out-of-band, not
> using a client, simply browsing the file system of the machine hosting the
> zookeeper server)?