Thanks. That makes sense.
-Harold

--- On Thu, 6/25/09, Mahadev Konar <maha...@yahoo-inc.com> wrote:

> From: Mahadev Konar <maha...@yahoo-inc.com>
> Subject: Re: General Question about Zookeeper
> To: zookeeper-user@hadoop.apache.org
> Date: Thursday, June 25, 2009, 2:29 PM
>
> Hi Harold,
> Let me explain the whole concept of ZooKeeper Acls.
>
> 1) Zookeeper servers are run using some user id say X
> 2) zookeeper client use ZooKeeper client library to create zookeeper nodes
> on zookeeper servers. They could be running as user id C. They can provide
> acl's to create such nodes for their accessibility restrictions. These ACL's
> have NOTHING to do with (user id X) or user id C. The access controls are
> independent of any user id the client is running with or the server is
> running with
> 3) A user X can obviously create zookeeper database since he has access to
> the local filesystem data that zookeeper is snapshots/txns into.
>
> Hope this helps.
> Mahadev
>
> On 6/25/09 11:20 AM, "Harold Lim" <rold...@yahoo.com> wrote:
>
> > Hi Henry,
> >
> > Does that mean for example, if I own the Zookeeper server and physical machine
> > and have lots of clients using this Zookeeper server, I can simply look at the
> > logfiles and snapshot files and see all of the information created by those
> > clients?
> >
> > Thanks,
> > Harold
> >
> > --- On Thu, 6/25/09, Henry Robinson <he...@cloudera.com> wrote:
> >
> >> From: Henry Robinson <he...@cloudera.com>
> >> Subject: Re: General Question about Zookeeper
> >> To: zookeeper-user@hadoop.apache.org
> >> Date: Thursday, June 25, 2009, 2:01 PM
> >>
> >> Hi Harold,
> >>
> >> Each ZooKeeper server stores updates to znodes in logfiles, and periodic
> >> snapshots of the state of the datatree in snapshot files.
> >>
> >> A user who has the same permissions as the server will be able to read these
> >> files, and can therefore recover the state of the datatree without the ZK
> >> server intervening. ACLs are applied only by the server; there is no
> >> filesystem-level representation of them.
> >>
> >> Henry
> >>
> >> On Thu, Jun 25, 2009 at 6:48 PM, Harold Lim <rold...@yahoo.com> wrote:
> >>
> >>> Hi All,
> >>>
> >>> How does zookeeper store data/files?
> >>> From reading the doc, the clients can put ACL on files/znodes to limit
> >>> read/write/create of other clients. However, I was wondering how are these
> >>> znodes stored on Zookeeper servers?
> >>>
> >>> I am interested in a security aspect of zookeeper, where the clients and
> >>> the servers don't necessarily belong to the same "group". If a client
> >>> creates a znode in the zookeeper, can the person, who owns the zookeeper
> >>> server, simply look at its filesystem and read the data (out-of-band, not
> >>> using a client, simply browsing the file system of the machine hosting the
> >>> zookeeper server)?
> >>>
> >>> Thanks,
> >>> Harold
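
Added example, not part of the thread and not ZooKeeper project code: since znode ACLs have no filesystem-level representation, the only thing limiting out-of-band reads of the logfiles and snapshots is the ownership and mode of the server's storage directories, and this sketch audits them. It assumes the standard `dataDir` / `dataLogDir` keys in `zoo.cfg`; the sample layout and file names it builds are constructed.

```python
import os
import stat
import tempfile

def parse_zoo_cfg(text):
    """Return the directories named by dataDir / dataLogDir in zoo.cfg text."""
    dirs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in ("dataDir", "dataLogDir") and value not in dirs:
            dirs.append(value)
    return dirs

def audit_storage(dirs, server_uid):
    """Return (path, problem) pairs for entries other accounts can reach."""
    findings = []
    for top in dirs:
        for root, _subdirs, files in os.walk(top):
            for path in [root] + [os.path.join(root, f) for f in files]:
                st = os.lstat(path)
                mode = stat.S_IMODE(st.st_mode)
                if st.st_uid != server_uid:
                    findings.append((path, "not owned by the server account"))
                if mode & (stat.S_IRWXG | stat.S_IRWXO):
                    findings.append((path, "mode %o grants group/other access" % mode))
    return findings

def build_sample(base):
    """Constructed layout: one world-readable snapshot, one private txn log."""
    data = os.path.join(base, "version-2")
    os.makedirs(data)
    for d in (base, data):
        os.chmod(d, 0o700)
    for name, mode in (("snapshot.0", 0o644), ("log.1", 0o600)):
        path = os.path.join(data, name)
        with open(path, "wb") as fh:
            fh.write(b"constructed placeholder, not real ZooKeeper data")
        os.chmod(path, mode)
    return "tickTime=2000\ndataDir=%s\n" % base

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        cfg = build_sample(os.path.join(tmp, "zk"))
        for path, problem in audit_storage(parse_zoo_cfg(cfg), os.getuid()):
            print(path, "->", problem)
```

A clean result only covers other local accounts; the server's own account and root can still read the files, as the replies above describe.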