Set default channel permission to resetchannels for 7.0 #10181
@hpatro isn't that a serious breaking change? Maybe we can find the middle ground for different default in selectors vs the root selector?
@oranagra I agree this is a breaking change. I believe it's good to talk about it before the major release and come to a decision. 7.0 provides this opportunity to make this breaking change to increase the security posture of all newly created users. Customers updating from 6.0 to 7.0 using an ACL file shouldn't have any problem, as the state of channel permission would already be persisted in the file.
I wanted to avoid different permissions on selectors vs root permissions, since I think that will just add more room for confusion. I think what a lot of people want to do is just write some permissions for a root user, and then wrap in parentheses and have it work the same way. Since this is for security, and we're already introducing a bunch of backwards breaking changes to make it more secure by default (module/debug/config flags), I would be in favor of this change and make a stand that this is the version we care about security. We can also advise users to explicitly add this to their config file to retain the current behavior.
I agree with the reasoning to make it more secure and having consistent use of selectors.
@yossigo @soloestoy Any thoughts?
I agree it's better to make it more secure. But I feel uncomfortable about the breaking change, especially since we did a lot of compatibility work to avoid breaking changes in the multi-part AOF feature.
Note: We can advise user(s) in the release notes to use |
I'm also in favor of changing the default, despite being a breaking change. My arguments are:
@soloestoy To me, this is different because:
I was initially against it, but after thinking about the argument Yossi presented, I changed my mind. The bottom line here is that like the blocking of so either we leave it like it was forever, or we introduce a breaking when some day.
Seems like we have a quorum, and out of time for 7.0 RC1.
For backwards compatibility in 6.x, channels default permission was set to `allchannels`; however, with 7.0, we should modify it and the default value should be `resetchannels` for better security posture. Also, with selectors in ACL, a client doesn't have to set channel rules every time and by default the value will be `resetchannels`.

Before this change

```
127.0.0.1:6379> acl list
1) "user default on nopass ~* &* +@ALL"
127.0.0.1:6379> acl setuser hp on nopass +@ALL ~*
OK
127.0.0.1:6379> acl list
1) "user default on nopass ~* &* +@ALL"
2) "user hp on nopass ~* &* +@ALL"
127.0.0.1:6379> acl setuser hp1 on nopass -@ALL (%R~sales*)
OK
127.0.0.1:6379> acl list
1) "user default on nopass ~* &* +@ALL"
2) "user hp on nopass ~* &* +@ALL"
3) "user hp1 on nopass &* -@ALL (%R~sales* &* -@ALL)"
```

After this change

```
127.0.0.1:6379> acl list
1) "user default on nopass ~* &* +@ALL"
127.0.0.1:6379> acl setuser hp on nopass +@ALL ~*
OK
127.0.0.1:6379> acl list
1) "user default on nopass ~* &* +@ALL"
2) "user hp on nopass ~* resetchannels +@ALL"
127.0.0.1:6379> acl setuser hp1 on nopass -@ALL (%R~sales*)
OK
127.0.0.1:6379> acl list
1) "user default on nopass ~* &* +@ALL"
2) "user hp on nopass ~* resetchannels +@ALL"
3) "user hp1 on nopass resetchannels -@ALL (%R~sales* resetchannels -@ALL)"
```
This is a breaking change; users that are badly affected by it can easily revert the config back to the old default.
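To see which users and selectors still carry the permissive 6.x channel default, the `acl list` output shown in this PR can be audited offline. This is an added example, not code from the Redis project: the function names are hypothetical, and it assumes rule strings contain no parentheses other than selector delimiters.

```python
import re

SELECTOR_RE = re.compile(r"\(([^)]*)\)")
# Matches an `acl list` reply line, with or without the redis-cli "N) " prefix.
LINE_RE = re.compile(r'\s*(?:\d+\)\s*)?"?user (\S+) (.*?)"?\s*$')

def channel_access(rule_tokens):
    """Apply channel rules left to right; return the patterns left in force."""
    patterns = []
    for tok in rule_tokens:
        if tok == "resetchannels":
            patterns = []              # drop every channel pattern seen so far
        elif tok == "allchannels":
            patterns = ["*"]           # alias for &*
        elif tok.startswith("&"):
            patterns.append(tok[1:])
    return patterns

def audit_acl_list(lines):
    """Return (user, scope) pairs whose Pub/Sub access is all channels."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                   # prompts, "OK" replies, blank lines
        name, rules = m.groups()
        selectors = SELECTOR_RE.findall(rules)
        root = SELECTOR_RE.sub(" ", rules)   # root rules with selectors cut out
        scopes = [("root", root)]
        scopes += [(f"selector {i}", s) for i, s in enumerate(selectors, 1)]
        for scope, text in scopes:
            if "*" in channel_access(text.split()):
                findings.append((name, scope))
    return findings

# `acl list` replies copied from the "before" and "after" sessions in this PR.
BEFORE = [
    '1) "user default on nopass ~* &* +@ALL"',
    '2) "user hp on nopass ~* &* +@ALL"',
    '3) "user hp1 on nopass &* -@ALL (%R~sales* &* -@ALL)"',
]
AFTER = [
    '1) "user default on nopass ~* &* +@ALL"',
    '2) "user hp on nopass ~* resetchannels +@ALL"',
    '3) "user hp1 on nopass resetchannels -@ALL (%R~sales* resetchannels -@ALL)"',
]

if __name__ == "__main__":
    for label, sample in (("before", BEFORE), ("after", AFTER)):
        print(label, audit_acl_list(sample))
```

Users created explicitly, and the `default` user, keep whatever channel rule they were given, so only `default` is reported for the "after" session.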