-
Type:
Bug
-
Status: Open
-
Priority:
Minor
-
Resolution: Unresolved
-
Affects Version/s: 2.0.0
-
Fix Version/s: None
-
Component/s: security
-
Labels:None
If I start broker with zookeeper.set.acl=true from the first time I start the broker, the root ZNode is not set to be world-readable to allow other application to share the Zookeeper ensemble with chroot.
But if I run zookeeper-security-migration.sh with –zookeeper.acl secure, the root ZNode becomes world-readable. Is this correct?
root@localhost:/# zookeeper-shell localhost:2181 Connecting to localhost:2181 Welcome to ZooKeeper! JLine support is enabled [zk: localhost:2181(CONNECTING) 0] WATCHER:: WatchedEvent state:SyncConnected type:None path:null WATCHER:: WatchedEvent state:SaslAuthenticated type:None path:null [zk: localhost:2181(CONNECTED) 0] getAcl / 'world,'anyone : cdrwa [zk: localhost:2181(CONNECTED) 1] getAcl /brokers 'world,'anyone : r 'sasl,'kafkabroker : cdrwa [zk: localhost:2181(CONNECTED) 2] quit Quitting... root@localhost:/# zookeeper-security-migration --zookeeper.acl secure --zookeeper.connect localhost:2181 root@localhost:/# zookeeper-shell localhost:2181 Connecting to localhost:2181 Welcome to ZooKeeper! JLine support is enabled [zk: localhost:2181(CONNECTING) 0] WATCHER:: WatchedEvent state:SyncConnected type:None path:null WATCHER:: WatchedEvent state:SaslAuthenticated type:None path:null [zk: localhost:2181(CONNECTED) 0] getAcl / 'world,'anyone : r 'sasl,'kafkabroker : cdrwa [zk: localhost:2181(CONNECTED) 1] getAcl /brokers 'world,'anyone : r 'sasl,'kafkabroker : cdrwa [zk: localhost:2181(CONNECTED) 2]