Skip to content

fix default user password config when loading from acl file#7873

Closed
hwware wants to merge 1 commit intoredis:unstablefrom
hwware:acl_file_fix
Closed

fix default user password config when loading from acl file#7873
hwware wants to merge 1 commit intoredis:unstablefrom
hwware:acl_file_fix

Conversation

@hwware
Copy link
Contributor

@hwware hwware commented Oct 1, 2020

Before this commit, when configuring redis using acl file, the requirepass of default user will be ignored, for example:

in redis.conf file if we configure:
aclfile /etc/redis/users.acl
requirepass foobar

when server starts the default user password was set to empty, this was not expected behaviour:

127.0.0.1:6379> acl list

  1. "user default on nopass ~* +@ALL"
  2. "user frank on #2d9c75273d72b32df726fb545c8a4edc719f0a95a6fd993950b10c474ad9c927 ~cached:* -@ALL +acl"

This commit make sure the requirepass will take effect when acl file was used, so after the changes, default user password wil l be set if requirepass was configured.

@oranagra
Copy link
Member

oranagra commented Oct 1, 2020

@hwware please have a look at #6835
let me know what you think

@hwware
Copy link
Contributor Author

hwware commented Oct 1, 2020

@oranagra Hello Oran, thanks for linking with this discussion. my understanding of this is if we configured the requirepass, the user is expecting the default user password is being set, if the acl file doesn't have default user configuration. Since in normal case, user may doesn't configure the default user explicitly in acl file especially when server starting at first time. They may configure the requirepass option only. However if default user has been set in acl file, I agree with Salvatore the user is expecting default user should be set the same as acl file specified.

Then if we considered the following scenario:

  1. User defined RequirePass and not defined default user in acl file.
  2. User defined RequirePass and defined default user in acl file.

for the 1 scenario I would think current implementation is not correct, since the requirepass should take effect if default user has not been set in acl file, that's the reason for this fix. The second case for both current and this pr, it make sure the acl file will take effect for default user setting. Please let me know how you think this, thanks!

@oranagra
Copy link
Member

oranagra commented Oct 1, 2020

@hwware but what if a user re-loads a new ACL file.
i'm not sure if we always know if the user intend for the previous default user's password to be reset or kept.
i.e. the requirepass currently generates an ACL rule and is not really used later. only use for it is for old CONFIG GET compatibility.

What bothered me at the time is that if the ACL rules are embedded inside the config file, then they are additive on top of the one generated by requirepass, but if we load an acl file, it resets that and doesn't build on top of what's defined by requirepass

so beyond the 1 and 2 in your post above we also need to distinguish between:
3. server startup with ACL rules embedded in the config file, vs loading of an acl file.
4. what happens later with ACL LOAD command, how can it decide if it needs to respect the current DefaultUser->passwords, or the startup server.requirepass.

i.e. for 4 maybe the password was initially set by a requirepass then replaced by an ACL file, then overwritten by an ACL SETUSER command, and now we need to decide what to do on ACL LOAD command.

i'm not sure that's solvable.
I tend to agree with Salvatore that if ACL files are used (either at startup or later on by ACL LOAD), then requirepass must not be used.
If only a config file is used and CONFIG SET / ACL SETUSER commands are used, then they can be mixed (although not advised).

@hwware
Copy link
Contributor Author

hwware commented Oct 1, 2020

thanks @oranagra , if user reloads the acl file, my opinion is the default user password should be reset with requirepass one and not keeping the current changes, the reason I think this make sense is if user really want to keep current configuration, they should explicitly issue a ACL SAVE command, otherwise it will load the acl file from scratch. This is similar to CONFIG REWRITE command behavior, if the user doesn't execute the config rewrite, the current config status will be missing if they restart the server and load the config file again. But if you think keeping Salvatore's design make sense, I would suggest we update Redis conf documentation which mentioning the requirepass and aclfile are not compatible with each other, otherwise user might be confused.

@oranagra
Copy link
Member

oranagra commented Oct 4, 2020

@hwware imagine this case:

  1. redis is started from a config file with requirepass and an ACL file (that does not touch the default user). with your change (and with mine), the requirepass will work.
  2. user uses the ACL commands to replace the default user's password. (the password that was set with requirepeass is no longer valid).
  3. user replaces the ACL file and uses ACL LOAD to load the new file.

The change in this PR will revive the default password that is long gone.
This despite the fact that it wasn't valid before the ACL LOAD, and wasn't mentioned in the ACL file.

With the current code, the result of 1 above is that requirepass is completely ignored, and there are no surprises later on (after that initial surprise). no inconsistencies.

i'm in favour of documenting that these are not compatible (i.e. requirepass should only be used when ACL features are not used).

One thing that bothered me and would still be odd is that if someone uses a config file with requirepass and a bunch of USER lines in it, the requirepass is respected.
but if the USER line are moved to an independent ACL file which is referred to by the config file, the requirepass isn't respected.

I think it's really best if we discourage people from mixing these.

@hwware
Copy link
Contributor Author

hwware commented Oct 5, 2020

@oranagra thanks Oran for the suggestions, i will close this PR then and open a fix for the documentation.

@hwware hwware closed this Oct 5, 2020
@hwware hwware deleted the acl_file_fix branch November 6, 2020 20:30
alonre24 added a commit to alonre24/redis that referenced this pull request Jan 26, 2026
**Bug Fixes:**

* [redis#7219](RediSearch/RediSearch#7219) Fix a concurrency issue on Reducer in `FT.AGGREGATE`
* [redis#7255](RediSearch/RediSearch#7255) Fix `BM25STD` underflow wraparound
* [redis#7275](RediSearch/RediSearch#7275) Report used memory as `unsigned long long` to avoid underflows
* [redis#7264](RediSearch/RediSearch#7264) Fix `totalDocsLen` updates
* [redis#6995](RediSearch/RediSearch#6995) Do not fanout `FT.INFO` to replicas
* [redis#7350](RediSearch/RediSearch#7350) Fix `FT.CREATE` failure with LeanVec parameters on non-Intel architectures
* [redis#7384](RediSearch/RediSearch#7384) Fix index load from RDB temporary memory overhead
* [redis#7459](RediSearch/RediSearch#7459) Fix Fork GC potential double-free on error path
* [redis#7458](RediSearch/RediSearch#7458) Fix a GC performence regression
* [redis#7470](RediSearch/RediSearch#7470) Avoid draining worker thread pool from FLUSH callback to avoid deadlocks
* [redis#7554](RediSearch/RediSearch#7554) Handle the case where `SCORE` is sent alone without extra fields (coordinator)
* [redis#7685](RediSearch/RediSearch#7685) Fix cursor logical leak
* [redis#7794](RediSearch/RediSearch#7794) Fix `cmp_strings()` to correctly handle binary data with embedded NULLs in TOLIST reducer in FT.AGGREGATE
* [redis#7873](RediSearch/RediSearch#7873) Handle warnings in empty `FT.AGGREGATE` replies (cluster)
* [redis#7886](RediSearch/RediSearch#7886) Remove non-TEXT fields from the spec keys dictionary
* [redis#7904](RediSearch/RediSearch#7904) Refactor keys dictionary handling
* [redis#7901](RediSearch/RediSearch#7901) Support multiple warnings in reply
* [redis#8083](RediSearch/RediSearch#8083) Fix incorrect FULLTEXT field metric counts
* [redis#8153](RediSearch/RediSearch#8153) Fix configuration registration issues

**Improvements:**

* [redis#7154](RediSearch/RediSearch#7154) `FT.AGGREGATE` can return Background Indexing OOM warnings
* [redis#7083](RediSearch/RediSearch#7083) Add the default text scorer as a configuration option
* [redis#7341](RediSearch/RediSearch#7341) Rename `FT.PROFILE` counter fields
* [redis#7436](RediSearch/RediSearch#7436) Enhance `FT.PROFILE` with vector search execution details
* [redis#7435](RediSearch/RediSearch#7435) Ensure full `FT.PROFILE` output on timeout with RETURN policy
* [redis#7534](RediSearch/RediSearch#7534) Reduce the number of worker threads asynchronously to avoid deadlocks during queries
* [redis#7614](RediSearch/RediSearch#7614) Track timeout warnings and errors in INFO
* [redis#7646](RediSearch/RediSearch#7646) Track `maxprefixexpansions` warnings and errors in INFO
* [redis#7577](RediSearch/RediSearch#7577) Track query syntax/argument errors (basis for query error tracking)
* [redis#7737](RediSearch/RediSearch#7737) Add `Internal cursor reads` metric to cluster `FT.PROFILE` output
* [redis#7759](RediSearch/RediSearch#7759) Extend indexing metrics
* [redis#7710](RediSearch/RediSearch#7710) Support `WITHCOUNT` keyword in `FT.AGGREGATE`
* [redis#7957](RediSearch/RediSearch#7957) Persist query warnings across cursor reads
* [redis#8054](RediSearch/RediSearch#8054) Add logging for index-related commands
* [redis#8151](RediSearch/RediSearch#8151) Fix shard total profile time reporting in `FT.PROFILE`
* [redis#8103](RediSearch/RediSearch#8103) Output current thread IndexSpec information on crash
YaacovHazan pushed a commit that referenced this pull request Jan 26, 2026
**Bug Fixes:**

* [#7219](RediSearch/RediSearch#7219) Fix a
concurrency issue on Reducer in `FT.AGGREGATE`
* [#7255](RediSearch/RediSearch#7255) Fix
`BM25STD` underflow wraparound
* [#7275](RediSearch/RediSearch#7275) Report
used memory as `unsigned long long` to avoid underflows
* [#7264](RediSearch/RediSearch#7264) Fix
`totalDocsLen` updates
* [#6995](RediSearch/RediSearch#6995) Do not
fanout `FT.INFO` to replicas
* [#7350](RediSearch/RediSearch#7350) Fix
`FT.CREATE` failure with LeanVec parameters on non-Intel architectures
* [#7694](RediSearch/RediSearch#7694) Use
asynchronous jobs for GC in SVS to accelerate execution
* [#7384](RediSearch/RediSearch#7384) Fix index
load from RDB temporary memory overhead
* [#7459](RediSearch/RediSearch#7459) Fix Fork
GC potential double-free on error path
* [#7458](RediSearch/RediSearch#7458) Fix a GC
performence regression
* [#7470](RediSearch/RediSearch#7470) Avoid
draining worker thread pool from FLUSH callback to avoid deadlocks
* [#7554](RediSearch/RediSearch#7554) Handle the
case where `SCORE` is sent alone without extra fields (coordinator)
* [#7685](RediSearch/RediSearch#7685) Fix cursor
logical leak
* [#7794](RediSearch/RediSearch#7794) Fix
`cmp_strings()` to correctly handle binary data with embedded NULLs in
TOLIST reducer in FT.AGGREGATE
* [#7873](RediSearch/RediSearch#7873) Handle
warnings in empty `FT.AGGREGATE` replies (cluster)
* [#7886](RediSearch/RediSearch#7886) Remove
non-TEXT fields from the spec keys dictionary
* [#7904](RediSearch/RediSearch#7904) Refactor
keys dictionary handling
* [#7901](RediSearch/RediSearch#7901) Support
multiple warnings in reply
* [#8083](RediSearch/RediSearch#8083) Fix
incorrect FULLTEXT field metric counts
* [#8153](RediSearch/RediSearch#8153) Fix
configuration registration issues

**Improvements:**

* [#7154](RediSearch/RediSearch#7154)
`FT.AGGREGATE` can return Background Indexing OOM warnings
* [#7083](RediSearch/RediSearch#7083) Add the
default text scorer as a configuration option
* [#7341](RediSearch/RediSearch#7341) Rename
`FT.PROFILE` counter fields
* [#7436](RediSearch/RediSearch#7436) Enhance
`FT.PROFILE` with vector search execution details
* [#7435](RediSearch/RediSearch#7435) Ensure
full `FT.PROFILE` output on timeout with RETURN policy
* [#7534](RediSearch/RediSearch#7534) Reduce the
number of worker threads asynchronously to avoid deadlocks during
queries
* [#7614](RediSearch/RediSearch#7614) Track
timeout warnings and errors in INFO
* [#7646](RediSearch/RediSearch#7646) Track
`maxprefixexpansions` warnings and errors in INFO
* [#7577](RediSearch/RediSearch#7577) Track
query syntax/argument errors (basis for query error tracking)
* [#7737](RediSearch/RediSearch#7737) Add
`Internal cursor reads` metric to cluster `FT.PROFILE` output
* [#7759](RediSearch/RediSearch#7759) Extend
indexing metrics
* [#7710](RediSearch/RediSearch#7710) Support
`WITHCOUNT` keyword in `FT.AGGREGATE`
* [#7957](RediSearch/RediSearch#7957) Persist
query warnings across cursor reads
* [#8054](RediSearch/RediSearch#8054) Add
logging for index-related commands
* [#8151](RediSearch/RediSearch#8151) Fix shard
total profile time reporting in `FT.PROFILE`
* [#8103](RediSearch/RediSearch#8103) Output
current thread IndexSpec information on crash
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants