Thanks. That makes sense.

-Harold

--- On Thu, 6/25/09, Mahadev Konar <maha...@yahoo-inc.com> wrote:

> From: Mahadev Konar <maha...@yahoo-inc.com>
> Subject: Re: General Question about Zookeeper
> To: zookeeper-user@hadoop.apache.org
> Date: Thursday, June 25, 2009, 2:29 PM
> Hi Harold,
>   Let me explain the whole concept of ZooKeeper ACLs.
> 
> 1) Zookeeper servers are run using some user id, say X.
> 2) Zookeeper clients use the ZooKeeper client library to create zookeeper nodes
> on zookeeper servers. They could be running as user id C. They can provide
> ACLs to create such nodes for their accessibility restrictions. These ACLs
> have NOTHING to do with (user id X) or user id C. The access controls are
> independent of any user id the client is running with or the server is
> running with.
> 3) A user X can obviously create zookeeper database since he has access to
> the local filesystem data that zookeeper is snapshots/txns into.
> 
> 
> Hope this helps.
> Mahadev
>  
> On 6/25/09 11:20 AM, "Harold Lim" <rold...@yahoo.com> wrote:
> 
> > 
> > Hi Henry,
> > 
> > Does that mean for example, if I own the Zookeeper server and physical machine
> > and have lots of clients using this Zookeeper server, I can simply look at the
> > logfiles and snapshot files and see all of the information created by those
> > clients?
> > 
> > 
> > Thanks,
> > Harold
> > 
> > --- On Thu, 6/25/09, Henry Robinson <he...@cloudera.com> wrote:
> > 
> >> From: Henry Robinson <he...@cloudera.com>
> >> Subject: Re: General Question about Zookeeper
> >> To: zookeeper-user@hadoop.apache.org
> >> Date: Thursday, June 25, 2009, 2:01 PM
> >> Hi Harold,
> >> 
> >> Each ZooKeeper server stores updates to znodes in logfiles, and periodic
> >> snapshots of the state of the datatree in snapshot files.
> >> 
> >> A user who has the same permissions as the server will be able to read these
> >> files, and can therefore recover the state of the datatree without the ZK
> >> server intervening. ACLs are applied only by the server; there is no
> >> filesystem-level representation of them.
> >> 
> >> Henry
> >> 
> >> 
> >> 
> >> On Thu, Jun 25, 2009 at 6:48 PM, Harold Lim <rold...@yahoo.com> wrote:
> >> 
> >>> 
> >>> Hi All,
> >>> 
> >>> How does zookeeper store data/files?
> >>> From reading the doc, the clients can put ACL on files/znodes to limit
> >>> read/write/create of other clients. However, I was wondering how are these
> >>> znodes stored on Zookeeper servers?
> >>> 
> >>> I am interested in a security aspect of zookeeper, where the clients and
> >>> the servers don't necessarily belong to the same "group". If a client
> >>> creates a znode in the zookeeper, can the person who owns the zookeeper
> >>> server simply look at its filesystem and read the data (out-of-band, not
> >>> using a client, simply browsing the file system of the machine hosting the
> >>> zookeeper server)?
> >>> 
> >>> 
> >>> Thanks,
> >>> Harold
> >>> 
> >>> 
> >>> 
> >>> 
> >> 
> > 
> > 
> >       
> 
> 
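An added example, not part of the original thread: the replies above say ACLs are applied only by the server and have no filesystem-level representation, so the permissions on the server's data directory are what limit out-of-band reads. The Python below audits them. The `version-2` directory and the `snapshot.`/`log.` file prefixes follow ZooKeeper's on-disk naming; the function names and the sample directory with its contents are constructed for illustration.

```python
import os
import stat
import tempfile

# ZooKeeper writes snapshot.<zxid> and log.<zxid> files under <dataDir>/version-2.
ZK_PREFIXES = ("snapshot.", "log.")

def audit_zk_data_dir(data_dir, server_uid):
    """Return (path, reason) findings for entries reachable outside the server account."""
    findings = []
    for root, dirs, files in os.walk(data_dir):
        for name in dirs + files:
            path = os.path.join(root, name)
            st = os.lstat(path)  # lstat: report on a symlink itself, do not follow it
            if not stat.S_ISDIR(st.st_mode) and not name.startswith(ZK_PREFIXES):
                continue  # only directories and snapshot/txn-log files are checked
            if st.st_uid != server_uid:
                findings.append((path, "owner uid %d is not the server uid" % st.st_uid))
            # Any group/other bit widens access beyond the server account.
            exposed = st.st_mode & (stat.S_IRWXG | stat.S_IRWXO)
            if exposed:
                findings.append((path, "group/other bits set: %s" % oct(exposed)))
    return findings

def build_sample_dir():
    """Constructed layout: one owner-only txn log, one world-readable snapshot."""
    base = tempfile.mkdtemp(prefix="zk-audit-")
    ver = os.path.join(base, "version-2")
    os.mkdir(ver)
    os.chmod(ver, 0o700)
    for name, mode in (("log.1", 0o600), ("snapshot.0", 0o644)):
        path = os.path.join(ver, name)
        with open(path, "wb") as f:
            f.write(b"constructed placeholder, not real ZooKeeper data")
        os.chmod(path, mode)
    return base

if __name__ == "__main__":
    sample = build_sample_dir()
    for path, reason in audit_zk_data_dir(sample, os.getuid()):
        print(path, "->", reason)
```

A clean result only shows that other local accounts cannot read the files; anyone running as the server's user id, or as root, can still read the znode data directly, as the thread explains.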


