diff options
author | Harkrishn Patro <30795839+hpatro@users.noreply.github.com> | 2021-04-19 12:27:44 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-04-19 13:27:44 +0300 |
commit | 7a3d1487e443c3cb5fde3605aebea20698a940b4 (patch) | |
tree | 60c164c5e23b797b2084857fc9000773274a9ecb /redis.conf | |
parent | 3a955d9ad443adcb1d0495f4b702612f6b250f6e (diff) | |
download | redis-7a3d1487e443c3cb5fde3605aebea20698a940b4.tar.gz |
ACL channels permission handling for save/load scenario. (#8794)
In the initial release of Redis 6.2 setting a user to only allow pubsub access to
a specific channel, and doing ACL SAVE, resulted in an assertion when
ACL LOAD was used. This was later changed by #8723 (not yet released),
but still not properly resolved (now it errors instead of crash).
The problem is that the server that generates an ACL file, doesn't know what
would be the setting of the acl-pubsub-default config in the server that will load it.
so ACL SAVE needs to always start with resetchannels directive.
This should still be compatible with old acl files (from redis 6.0), and ones from earlier
versions of 6.2 that didn't mess with channels.
Co-authored-by: Harkrishn Patro <harkrisp@amazon.com>
Co-authored-by: Oran Agra <oran@redislabs.com>
Diffstat (limited to 'redis.conf')
-rw-r--r-- | redis.conf | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/redis.conf b/redis.conf index e16fc4bbb..a7bfec83e 100644 --- a/redis.conf +++ b/redis.conf @@ -917,7 +917,7 @@ acllog-max-len 128 # order to provide better out-of-the-box Pub/Sub security. Therefore, it is # recommended that you explicitly define Pub/Sub permissions for all users # rather then rely on implicit default values. Once you've set explicit -# Pub/Sub for all exisitn users, you should uncomment the following line. +# Pub/Sub for all existing users, you should uncomment the following line. # # acl-pubsub-default resetchannels |