From c4f7cd9935063b2d230efeb885b96043e1a03072 Mon Sep 17 00:00:00 2001
From: Bill Erickson
Date: Wed, 10 May 2023 17:46:47 -0400
Subject: [PATCH] disable default redis account; docs

Signed-off-by: Bill Erickson
---
 README | 11 +++++++++--
 examples/redis-accounts.txt.in | 4 ++++
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/README b/README
index b4992d3..5b6a45d 100644
--- a/README
+++ b/README
@@ -287,14 +287,21 @@ cp opensrf.xml.example opensrf.xml Creating Redis Accounts -------------------------------------- - Before starting services, it's necessary to create Redis accounts. Issue the following command as the *opensrf* Linux account: - ++ [source, bash] --------------------------------------------------------------------------- osrf_control --reset-message-bus --------------------------------------------------------------------------- ++ +[NOTE] +=========================================================================== +The script which creates Redis OpenSRF accounts also disables the +'default' (password-less) Redis account for security reasons. To access +the Redis command line with full privileges, use the 'admin' user and +associated password from the SYSCONFDIR/redis-accounts.txt file. +=========================================================================== Starting and stopping OpenSRF services --------------------------------------
diff --git a/examples/redis-accounts.txt.in b/examples/redis-accounts.txt.in
index becb5e4..bc98edf 100644
--- a/examples/redis-accounts.txt.in
+++ b/examples/redis-accounts.txt.in
@@ -30,5 +30,9 @@ ACL SETUSER admin reset
 ACL SETUSER admin on >@ADMIN_BUS_PASS@
 ACL SETUSER admin +@all ~*
+SET comment "disable the 'default' account"
+
+ACL SETUSER default off
+
 DEL comment
-- 
2.11.0
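Review bot: The added `ACL SETUSER default off` in examples/redis-accounts.txt.in only blocks new authentications as 'default'. Per the Redis ACL documentation, connections already authenticated as that user keep working, and the change is held in memory unless it is persisted (`ACL SAVE` with an aclfile configured, or `CONFIG REWRITE`). No persistence step is visible in this hunk, so after a Redis restart the password-less account would presumably be usable again until `osrf_control --reset-message-bus` is rerun. I would state that in the README note, for example `The 'default' account stays disabled only until Redis restarts, unless the ACL state is persisted; rerun osrf_control --reset-message-bus after a restart.` It is also worth confirming that a second reset still succeeds once 'default' is off, since the way the script authenticates is not shown here and the rest of the template lies outside the hunk.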