author | Harkrishn Patro <30795839+hpatro@users.noreply.github.com> | 2022-01-30 11:02:55 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-01-30 12:02:55 +0200 |
commit | a43b6922d1e37d60acf63484b7057299c9bf584d (patch) | |
tree | d74294e6d9b31342cef6fc27a1b936ecbfa62f71 /utils | |
parent | eedec155acdd0ead3536edf6988e250a1a9fcb3e (diff) | |
download | redis-a43b6922d1e37d60acf63484b7057299c9bf584d.tar.gz |
Set default channel permission to resetchannels for 7.0 (#10181)
For backwards compatibility in 6.x, the default channel permission was set to `allchannels`; however, with 7.0,
we should modify it, and the default value should be `resetchannels` for a better security posture.
Also, with selectors in ACL, a client doesn't have to set channel rules every time, and by default
the value will be `resetchannels`.
Before this change
```
127.0.0.1:6379> acl list
1) "user default on nopass ~* &* +@all"
127.0.0.1:6379> acl setuser hp on nopass +@all ~*
OK
127.0.0.1:6379> acl list
1) "user default on nopass ~* &* +@all"
2) "user hp on nopass ~* &* +@all"
127.0.0.1:6379> acl setuser hp1 on nopass -@all (%R~sales*)
OK
127.0.0.1:6379> acl list
1) "user default on nopass ~* &* +@all"
2) "user hp on nopass ~* &* +@all"
3) "user hp1 on nopass &* -@all (%R~sales* &* -@all)"
```
After this change
```
127.0.0.1:6379> acl list
1) "user default on nopass ~* &* +@all"
127.0.0.1:6379> acl setuser hp on nopass +@all ~*
OK
127.0.0.1:6379> acl list
1) "user default on nopass ~* &* +@all"
2) "user hp on nopass ~* resetchannels +@all"
127.0.0.1:6379> acl setuser hp1 on nopass -@all (%R~sales*)
OK
127.0.0.1:6379> acl list
1) "user default on nopass ~* &* +@all"
2) "user hp on nopass ~* resetchannels +@all"
3) "user hp1 on nopass resetchannels -@all (%R~sales* resetchannels -@all)"
```
Diffstat (limited to 'utils')
0 files changed, 0 insertions, 0 deletions
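
Added example, not part of the commit or the Redis code base: a small Python audit that reads `ACL LIST` output and reports every user scope (root permissions or a selector) whose channel rules still resolve to all channels. The function names are hypothetical, and the sample lines are the final `acl list` output of the two transcripts in the commit message above.

```python
import re

# Selectors appear in ACL LIST output as parenthesised rule groups.
# Assumption: key and channel patterns themselves contain no parentheses.
SELECTOR_RE = re.compile(r"\(([^)]*)\)")
LINE_RE = re.compile(r'^(?:\d+\)\s*)?"?user (\S+) (.*?)"?$')

def channel_patterns(rules):
    """Replay channel rules left to right and return the resulting pattern list."""
    patterns = []
    for tok in rules.split():
        if tok == "resetchannels":      # flush all allowed channel patterns
            patterns = []
        elif tok == "allchannels":      # alias for &*
            patterns = ["*"]
        elif tok.startswith("&"):       # &<pattern> adds one channel pattern
            patterns.append(tok[1:])
    return patterns

def audit_acl_list(lines):
    """Return (user, scope) pairs whose channel rules allow every channel."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        name, rules = m.groups()
        scopes = [("root", SELECTOR_RE.sub(" ", rules))]
        scopes += [("selector %d" % i, s)
                   for i, s in enumerate(SELECTOR_RE.findall(rules), 1)]
        for scope, text in scopes:
            if "*" in channel_patterns(text):
                findings.append((name, scope))
    return findings

# Sample input: the last `acl list` output in each transcript above.
BEFORE = ['1) "user default on nopass ~* &* +@all"',
          '2) "user hp on nopass ~* &* +@all"',
          '3) "user hp1 on nopass &* -@all (%R~sales* &* -@all)"']
AFTER = ['1) "user default on nopass ~* &* +@all"',
         '2) "user hp on nopass ~* resetchannels +@all"',
         '3) "user hp1 on nopass resetchannels -@all (%R~sales* resetchannels -@all)"']

if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_acl_list(sample))
```

On the "after" sample only the `default` user is reported, since its `&*` rule is unchanged in both transcripts.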