New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Change built-in kibana
user to kibana_system
#29808
Comments
Original comment by @skearns64: |
Original comment by @epixa: ++ to this idea. We have to be careful about how we handle this for backwards compatibility sake, but this will go a long way in helping avoid ambiguity around how this user is used. |
Original comment by @skearns64: Great, glad there is appetite for this.. Is this something that we could fix for 6.0? Given the potential BWC implications, a major version seems like the right time to make the change. |
Original comment by @clintongormley: @tvernum is there any way of doing this transparently (including during a rolling restart)? |
Original comment by @tvernum: We renamed the kibana role from kibana to kibana_system with a BWC layer in place. (LINK REDACTED) |
Original comment by @skearns64: I think this would be a really good one to get into 6.0, if at all possible. Otherwise, we will have to live with inconsistent default usernames for another major release. |
Original comment by @jimgoodwin: Please discuss solutions... |
@skearns64 is this still important? |
Yes, I think that the naming confusion still exists among our customers, so this is still something we should address. |
OK. Out of FixItFriday, at least some folks felt it would be better to move logstash_system to be logstash, instead of changing the logstash and kibana users, WDYT? |
Please no! |
Unassigned myself so security team could get to this faster. |
Original comment by @skearns64:
Today, we have 3 built-in users:
elastic
, a superuser account,kibana
the system account that the Kibana server uses for connecting to ES, setting up the .kibana index and pushing monitoring data, andlogstash_system
, an account for logstash monitoring.Both the
kibana
user and thelogstash_system
users are system accounts that the respective systems use. It's a bit confusing and inconsistent that they don't follow the same naming scheme. There have been a number of cases where customers and users have mistaken thekibana
user for an end-user account for logging into Kibana.I propose that we change the
kibana
user tokibana_system
for consistency.Alternatively, I would also be comfortable changing
logstash_system
tologstash
to matchkibana
- the consistency of the naming scheme is more important to me than the scheme itself.The text was updated successfully, but these errors were encountered: