@antirez if i understand the code correctly, the purpose of creating the default user again in that code path was to re-create and re-register the user in the rax tree, but you did not intend to resets it's properties, right?
please see if my fix is correct.

i'm having second thoughts about keeping all the flags from old_default_user->flags, maybe i should have only kept USER_FLAG_NOPASS?

i.e. in case the previous ACL file disabled the default user, and the new ACL file doesn't do anything with the default user, i suppose it should have a default configuration (i.e. be enabled). and if i keep the flags i ruin that.

on the other hand, maybe you intended that as soon as someone uses an ACL file, he should avoid using requirepass, and set the default users's password in the acl file.. but it's odd that if the ACL rules don't touch the default user, it behaves differently if the ACL rules come from a file vs a case were the ACL rules are embedded in the config file. i.e. in one case they override requirepass and in the other case they dont.

Hi Oran, "requirepass" is only for compatibility with the past. If users mix the two, ACL LOAD should indeed remove the default user and load what is specified by the ACL file, without preserving anything I believe, so the old code looks reasonable to me.

In other terms, requirepass is a alias for ACL SETUSER default >"somepassword", or something like that.

ok. closing. thanks.