ACL許可權設定
阿新 • • 發佈:2018-11-01
許可權字串縮寫crdwa:
create:建立子節點
read:獲取節點/子節點
write:設定節點資料
delete:刪除節點
admin:設定許可權
命令列配置許可權, world:anyone:cdrwa為預設的許可權(許可權更改:cdrwa --> crwa):
[zk: localhost:2181(CONNECTED) 45] getAcl /imocc/abc 'world,'anyone : cdrwa //預設許可權 [zk: localhost:2181(CONNECTED) 47] setAcl /imocc/abc world:anyone:crwa //修改許可權 cZxid = 0x20000000f ctime = Tue Oct 23 11:42:43 CST 2018 mZxid = 0x20000000f mtime = Tue Oct 23 11:42:43 CST 2018 pZxid = 0x20000000f cversion = 0 dataVersion = 0 aclVersion = 1 ephemeralOwner = 0x0 dataLength = 3 numChildren = 0 [zk: localhost:2181(CONNECTED) 48] getAcl /imocc/abc 'world,'anyone : crwa //修改後的許可權
沒有刪除的許可權後,不能刪除節點:
[zk: localhost:2181(CONNECTED) 50] create /imocc/abc/xyz 123
Created /imocc/abc/xyz
[zk: localhost:2181(CONNECTED) 51] delete /imocc/abc/xyz
Authentication is not valid : /imocc/abc/xyz
auth設定許可權:
[zk: localhost:2181(CONNECTED) 57] create /names/imooc imooc Created /names/imooc [zk: localhost:2181(CONNECTED) 58] getAcl /names/imooc 'world,'anyone : cdrwa //預設許可權 [zk: localhost:2181(CONNECTED) 59] addauth digest imocc:imocc //新增使用者 [zk: localhost:2181(CONNECTED) 60] setAcl /names/imooc auth:imocc:imocc:cdrwa //修改許可權 cZxid = 0x200000016 ctime = Tue Oct 23 13:42:48 CST 2018 mZxid = 0x200000016 mtime = Tue Oct 23 13:42:48 CST 2018 pZxid = 0x200000016 cversion = 0 dataVersion = 0 aclVersion = 1 ephemeralOwner = 0x0 dataLength = 5 numChildren = 0 [zk: localhost:2181(CONNECTED) 61] getAcl /names/imooc //檢視修改後的許可權 'digest,'imocc:LHUU7p/GWC0oquExIJ5y3yDrUkk= //加密的密碼 : cdrwa [zk: localhost:2181(CONNECTED) 62] setAcl /names/imooc auth::cdrwa cZxid = 0x200000016 ctime = Tue Oct 23 13:42:48 CST 2018 mZxid = 0x200000016 mtime = Tue Oct 23 13:42:48 CST 2018 pZxid = 0x200000016 cversion = 0 dataVersion = 0 aclVersion = 2 ephemeralOwner = 0x0 dataLength = 5 numChildren = 0 [zk: localhost:2181(CONNECTED) 63] getAcl /names/imooc 'digest,'imocc:LHUU7p/GWC0oquExIJ5y3yDrUkk= //保持不變 : cdrwa
digest設定許可權:
[zk: localhost:2181(CONNECTED) 64] create /names/test test Created /names/test [zk: localhost:2181(CONNECTED) 66] getAcl /names/test 'world,'anyone : cdrwa [zk: localhost:2181(CONNECTED) 67] setAcl /names/test digest:imooc:LHUU7p/GWC0oquExIJ5y3yDrUkk=:cdra cZxid = 0x200000019 ctime = Tue Oct 23 13:56:56 CST 2018 mZxid = 0x200000019 mtime = Tue Oct 23 13:56:56 CST 2018 pZxid = 0x200000019 cversion = 0 dataVersion = 0 aclVersion = 1 ephemeralOwner = 0x0 dataLength = 4 numChildren = 0 [zk: localhost:2181(CONNECTED) 68] getAcl /names/test 'digest,'imooc:LHUU7p/GWC0oquExIJ5y3yDrUkk= //密碼 : cdra
IP設定許可權:
[zk: localhost:2181(CONNECTED) 84] create /names/ip ip
Created /names/ip
[zk: localhost:2181(CONNECTED) 85] getAcl /names/ip
'world,'anyone
: cdrwa
Acl is not valid : /names/ip
[zk: localhost:2181(CONNECTED) 87] setAcl /names/ip ip:172.16.0.67:cdrwa
cZxid = 0x20000001b
ctime = Tue Oct 23 14:07:18 CST 2018
mZxid = 0x20000001b
mtime = Tue Oct 23 14:07:18 CST 2018
pZxid = 0x20000001b
cversion = 0
dataVersion = 0
aclVersion = 1
ephemeralOwner = 0x0
dataLength = 2
numChildren = 0
[zk: localhost:2181(CONNECTED) 88] getAcl /names/ip
'ip,'172.16.0.67
: cdrwa