Checked with ZooKeeper 3.4.6.
Useful zkCli snippets:
- anonymous access to a node:
- username/password access to a node (
test/test) - username/password access to a node, read for everyone
- username/password access to a node, read for another username/password
setAcl /test/test01 world:anyone:crdwa
setAcl /test/test01 digest:test:V28q/NynI4JI3Rk54h0r8O5kMug=:crwda
setAcl /test/test01 world:anyone:r,digest:test:V28q/NynI4JI3Rk54h0r8O5kMug=:crwda
setAcl /test/test01 digest:testa:yDww3vDTFt2Vn+04UEvCSRsOLbU=:r,digest:test:V28q/NynI4JI3Rk54h0r8O5kMug=:crwda
How to get the password hash
The password can be generated with one of ZooKeeper classes. The followingzkPasswd.sh will help:
#!/usr/bin/env bash
ZOOBIN="${BASH_SOURCE-$0}"
ZOOBIN="$(dirname "${ZOOBIN}")"
ZOOBINDIR="$(cd "${ZOOBIN}"; pwd)"
if [ -e "$ZOOBIN/../libexec/zkEnv.sh" ]; then
. "$ZOOBINDIR"/../libexec/zkEnv.sh
else
. "$ZOOBINDIR"/zkEnv.sh
fi
"$JAVA" "-Dzookeeper.log.dir=${ZOO_LOG_DIR}" \
"-Dzookeeper.root.logger=${ZOO_LOG4J_PROP}" \
-cp "$CLASSPATH" $CLIENT_JVMFLAGS $JVMFLAGS \
org.apache.zookeeper.server.auth.DigestAuthenticationProvider "$@"
Usage:
> ./zkPasswd.sh test:test test:test->test:V28q/NynI4JI3Rk54h0r8O5kMug=Password hashes are generated for
username:password pair - if you change the username and keep the password, you need
to regenerate the hash. Hash for test:test will be different than for test1:test.
