disable default redis account; docs

Signed-off-by: Bill Erickson <berickxx@gmail.com>

diff --git a/README b/README
index b4992d3..5b6a45d 100644 (file)
--- a/README
+++ b/README
@@ -287,14 +287,21 @@ cp opensrf.xml.example opensrf.xml
 
 Creating Redis Accounts
 --------------------------------------
-
 Before starting services, it's necessary to create Redis accounts.
 Issue the following command as the *opensrf* Linux account:
-
++
 [source, bash]
 ---------------------------------------------------------------------------
 osrf_control --reset-message-bus
 ---------------------------------------------------------------------------
++
+[NOTE]
+===========================================================================
+The script which creates Redis OpenSRF accounts also disables the
+'default' (password-less) Redis account for security reasons.  To access
+the Redis command line with full privileges, use the 'admin' user and
+associated password from the SYSCONFDIR/redis-accounts.txt file.
+===========================================================================
 
 Starting and stopping OpenSRF services
 --------------------------------------

diff --git a/examples/redis-accounts.txt.in b/examples/redis-accounts.txt.in
index becb5e4..bc98edf 100644 (file)
--- a/examples/redis-accounts.txt.in
+++ b/examples/redis-accounts.txt.in
@@ -30,5 +30,9 @@ ACL SETUSER admin reset
 ACL SETUSER admin on >@ADMIN_BUS_PASS@
 ACL SETUSER admin +@all ~*
 
+SET comment "disable the 'default' account"
+
+ACL SETUSER default off
+
 DEL comment