Hi Bharath. I could be wrong, but I believe you are mis-interpreting the permissions. Please see: http://zookeeper.apache.org/doc/r3.4.5/zookeeperProgrammers.html#sc_ACLPermissions
Note that create/delete apply to child nodes, not the node itself. "DELETE: you can delete a child node" I don't know what you've set for "/" though, so it's hard to say definitively. Patrick On Sat, Feb 6, 2016 at 5:47 PM, Bharath Ravi Kumar <[email protected]> wrote: > Can someone please clarify if this is indeed a bug, or if my usage is > incorrect? (I have *not* set zookeeper.skipACL to true). > > Thanks. > > On Sat, Feb 6, 2016 at 8:14 PM, Bharath Ravi Kumar <[email protected]> > wrote: > >> +dev >> On 06-Feb-2016 3:48 pm, "Bharath Ravi Kumar" <[email protected]> wrote: >> >>> Hi, >>> >>> It appears that ACL's set through setAcl or create aren't being honoured. >>> I created a node through the zkCli as follows: >>> create /apps apps_root >>> digest:appsadmin:ukP2eoiopvSwCQaWSu3LI7qCLOQ=:crdwa,world:anyone:r >>> I expect the above to have the effect of granting read (and list) >>> permissions on /apps but to allow appsadmin to perform any action on the >>> node. I verified that the ACL's had been set by running getAcl: >>> >>> getAcl /apps >>> 'digest,'appsadmin:ukP2eoiopvSwCQaWSu3LI7qCLOQ= >>> : cdrwa >>> 'world,'anyone >>> : r >>> >>> After creating the node, I exited the cli and launched it again, this >>> time not executing addauth. As an anonymous user, I was able to get and >>> list /apps, but not create a child node. However, I *could successfully* >>> rmr /apps as an anon user, which shouldn't be the case. I'm running zk >>> 3.4.5 as standalone on OpenJDK 1.8 (tried with sun jdk 1.7 as well) on >>> Ubuntu 14.04. Can someone explain if this behaviour is expected? >>> >>> Thanks, >>> Bharath >>> >>
