From: Bill Erickson <berickxx@gmail.com>
Date: Wed, 10 May 2023 21:46:47 +0000 (-0400)
Subject: disable default redis account; docs
X-Git-Url: https://old-git.evergreen-ils.org/?a=commitdiff_plain;h=c4f7cd9935063b2d230efeb885b96043e1a03072;p=working%2FOpenSRF.git

disable default redis account; docs

Signed-off-by: Bill Erickson <berickxx@gmail.com>
---

diff --git a/README b/README
index b4992d3..5b6a45d 100644
--- a/README
+++ b/README
@@ -287,14 +287,21 @@ cp opensrf.xml.example opensrf.xml
 
 Creating Redis Accounts
 --------------------------------------
-
 Before starting services, it's necessary to create Redis accounts.
 Issue the following command as the *opensrf* Linux account:
-
++
 [source, bash]
 ---------------------------------------------------------------------------
 osrf_control --reset-message-bus
 ---------------------------------------------------------------------------
++
+[NOTE]
+===========================================================================
+The script which creates Redis OpenSRF accounts also disables the
+'default' (password-less) Redis account for security reasons.  To access
+the Redis command line with full privileges, use the 'admin' user and
+associated password from the SYSCONFDIR/redis-accounts.txt file.
+===========================================================================
 
 Starting and stopping OpenSRF services
 --------------------------------------
diff --git a/examples/redis-accounts.txt.in b/examples/redis-accounts.txt.in
index becb5e4..bc98edf 100644
--- a/examples/redis-accounts.txt.in
+++ b/examples/redis-accounts.txt.in
@@ -30,5 +30,9 @@ ACL SETUSER admin reset
 ACL SETUSER admin on >@ADMIN_BUS_PASS@
 ACL SETUSER admin +@all ~*
 
+SET comment "disable the 'default' account"
+
+ACL SETUSER default off
+
 DEL comment