Hortonworks Docs » Hortonworks Data Platform 3.1.4 » Apache ZooKeeper ACLs
Apache ZooKeeper ACLs
Also available as:
PDF

ZooKeeper ACLs Best Practices: ZooKeeper

You must follow the best practices for tightening the ZooKeeper ACLs or permissions for ZooKeeper when provisioning a secure cluster.

  • ZooKeeper Usage:

    • /zookeeper - node stores metadata of ZooKeeper itself.

    • /zookeeper/quota stores quota information. In the Apache ZooKeeper 3.5 release line.

    • /zookeeper/config stores dynamic reconfiguration information, but this is not applicable to HDP, which bases its ZooKeeper release off of the Apache ZooKeeper 3.4 release line.

  • Default ACLs:

    • /zookeeper - world:anyone:cdrwa

  • Security Best Practice ACLs/Permissions and Required Steps:

    The following steps must be manually performed by users who are using the ZooKeeper quota feature. Components in HDP do not use this feature by default -- most users do not need to execute the following commands.

    • /zookeeper - sasl:zookeeper:cdrwa

    • setAcl sasl:zookeeper:rwcda

© 2012–2019, Hortonworks, Inc.
Document licensed under the Creative Commons Attribution ShareAlike 4.0 License.
Hortonworks.com | Documentation | Support | Community