ZooKeeper node authorization:
After we remove the admin permission from a node, an ordinary user can no longer re-authorize the node.
[zk: localhost:2181(CONNECTED) 2] getAcl /test
Authentication is not valid : /test
[zk: localhost:2181(CONNECTED) 3] addauth digest fc:P@ssw0rd132
[zk: localhost:2181(CONNECTED) 4] getAcl /test
'digest,'super:gG7s8t3oDEtIqF6DM9LlI/R+9Ss=
: cdrwa
'digest,'super:xQJmxLMiHGwaqBvst5y6rkB6HQs=
: cdrwa
'digest,'fc:1pbK2utA9nv57dJxniy8u6Rmy70=
: cdrwa
[zk: localhost:2181(CONNECTED) 5] setAcl /test auth:fc:cdrw
[zk: localhost:2181(CONNECTED) 6] getAcl /test
'digest,'fc:x
: cdrw
[zk: localhost:2181(CONNECTED) 7] setAcl /test auth:fc:cdr
Authentication is not valid : /test
[zk: localhost:2181(CONNECTED) 8]
Solution:
Authenticate as the super administrator; the user's permissions are then changed.
[zk: localhost:2181(CONNECTED) 8] addauth digest super:admin
[zk: localhost:2181(CONNECTED) 9] setAcl /test auth:fc:cdr
[zk: localhost:2181(CONNECTED) 10] getAcl /test
'digest,'fc:1pbK2utA9nv57dJxniy8u6Rmy70=
: cdr
'digest,'super:xQJmxLMiHGwaqBvst5y6rkB6HQs=
: cdr
[zk: localhost:2181(CONNECTED) 11]
Add the superuser super:admin in the zkServer.sh startup script
addauth digest super:admin
nohup "$JAVA" $ZOO_DATADIR_AUTOCREATE "-Dzookeeper.log.dir=${ZOO_LOG_DIR}" \
"-Dzookeeper.log.file=${ZOO_LOG_FILE}" "-Dzookeeper.root.logger=${ZOO_LOG4J_PROP}" \
"-Dzookeeper.DigestAuthenticationProvider.superDigest=super:xQJmxLMiHGwaqBvst5y6rkB6HQs=" \
-Dzookeeper.admin.enableServer=false -XX:+HeapDumpOnOutOfMemoryError -XX:OnOutOfMemoryError='kill -9 %p' \
-cp "$CLASSPATH" $JVMFLAGS $ZOOMAIN "$ZOOCFG" > "$_ZOO_DAEMON_OUT" 2>&1 < /dev/null &
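
Added example (not part of the original notes): a Python sketch that derives the superDigest value used in the startup flag above and checks getAcl output for identities that still hold the admin (a) permission, which is what was lost in the first session. The helper names are hypothetical; the ACL text is copied from the sessions above, and the digest form assumed is user:base64(SHA-1("user:password")).

```python
import base64
import hashlib

# Helper names are illustrative; they are not part of ZooKeeper.

def generate_digest(id_password: str) -> str:
    """'user:password' -> 'user:base64(sha1(user:password))', the form stored
    in digest ACLs and passed to DigestAuthenticationProvider.superDigest."""
    user = id_password.split(":", 1)[0]
    raw = hashlib.sha1(id_password.encode("utf-8")).digest()
    return user + ":" + base64.b64encode(raw).decode("ascii")

def parse_getacl(output: str):
    """Parse zkCli getAcl output (an identity line followed by a ': perms'
    line) into (scheme, id, perms) tuples."""
    lines = [ln.strip() for ln in output.splitlines() if ln.strip()]
    entries = []
    for ident, perms in zip(lines[0::2], lines[1::2]):
        scheme, _, zid = ident.partition(",")
        entries.append((scheme.strip("'"), zid.strip("'"), perms.lstrip(": ")))
    return entries

def admin_holders(entries):
    """Identities that hold the admin (a) permission and can still run setAcl."""
    return [zid for _scheme, zid, perms in entries if "a" in perms]

# getAcl output copied from the two sessions on this page.
BEFORE = """'digest,'super:gG7s8t3oDEtIqF6DM9LlI/R+9Ss=
: cdrwa
'digest,'super:xQJmxLMiHGwaqBvst5y6rkB6HQs=
: cdrwa
'digest,'fc:1pbK2utA9nv57dJxniy8u6Rmy70=
: cdrwa
"""
AFTER = """'digest,'fc:1pbK2utA9nv57dJxniy8u6Rmy70=
: cdr
'digest,'super:xQJmxLMiHGwaqBvst5y6rkB6HQs=
: cdr
"""

if __name__ == "__main__":
    print("superDigest value:", generate_digest("super:admin"))
    for name, acl in (("before", BEFORE), ("after", AFTER)):
        holders = admin_holders(parse_getacl(acl))
        print(name, "admin holders:", holders or "none (only the superuser can setAcl)")
```

Run generate_digest with your own user:password string to produce the value for the superDigest flag, and run the admin check on an ACL before applying it so that at least one identity you control keeps the a permission.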