[英]ZooKeeper delete permissions enforcement understanding
[zk: 9] addauth digest user:defaultPassword
[zk: 32] create /test
Created /test
[zk: 33] create /test/can-delete null digest:user:xMNYqfrT373RREgAzmYepA2oLxY=:cdrw
Created /test/can-delete
[zk: 34] getAcl /test/can-delete
'digest,'user:xMNYqfrT373RREgAzmYepA2oLxY=:cdrw
[zk: 35] create /test/cant-delete null digest:user:xMNYqfrT373RREgAzmYepA2oMHb=:cdrw
Created /test/cant-delete
[zk: 37] delete /test/can-delete
[zk: 38] delete /test/cant-delete
( localhost:2181(CONNECTED)
removed from each line above, to improve readability) (从上面的每一行中删除了localhost:2181(CONNECTED)
,以提高可读性)
I'm not able to understand why and how is it allowing me to delete cant-delete because the ACL does not match with authenticated ID:PASSWORD. 我无法理解为什么以及如何允许我删除无法删除的内容,因为ACL与身份验证的ID:PASSWORD不匹配。 I was expecting this to throw at me a NoAuthException . 我期望这会引发NoAuthException 。
Please help, Thank you. 请帮忙,谢谢。
The ZooKeeper documentation says that: ZooKeeper 文档说:
ZooKeeper supports the following permissions: ZooKeeper支持以下权限:
CREATE: you can create a child node 创建:您可以创建一个子节点
READ: you can get data from a node and list its children. 阅读:您可以从节点获取数据并列出其子节点。
WRITE: you can set data for a node 写:您可以为节点设置数据
DELETE: you can delete a child node 删除:您可以删除一个子节点
ADMIN: you can set permissions 管理:您可以设置权限
Note that the DELETE permission applies to child nodes, not to the node itself. 请注意,“删除”权限适用于子节点,而不适用于节点本身。
This means that to prevent deletion of a node, you need to set an ACL (without the 'd' DELETE permission) on the parent of the node you are trying to protect (ie you need to set an ACL on the /test
node in your example) 这意味着要防止删除节点,您需要在要保护的节点的父节点上设置ACL(没有'd'DELETE权限)(即,您需要在/test
节点中设置ACL)你的例子)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.