Permalink
Browse files

Prioritizing rabbitmqctl as non-root warning.

  • Loading branch information...
1 parent 949dc06 commit de31e2ffed9dc34e62da4c5c59fcea2e3f9e6480 @cluther cluther committed Jul 20, 2012
Showing with 18 additions and 19 deletions.
  1. +18 −19 README.rst
View
@@ -158,11 +158,28 @@ is only allowed to be run by the *root* and *rabbitmq* users. Furthermore, this
ZenPack expects the ``rabbitmqctl`` command be in the user's path. Normally
this is only true for the root user.
+.. warning::
+
+ There's a very good reason for this restriction. Once a user is allowed to
+ execute the ``rabbitmqctl`` command, they are able to perform the following
+ actions.
+
+ - Stop, Start or Reset RabbitMQ
+ - Control a RabbitMQ Cluster
+ - Close Open Connections
+ - Manage Users and Security
+ - Manage VHosts
+
+ In a nutshell, this means that any user with permission to run
+ ``rabbitmqctl`` can wreak total havoc on your RabbitMQ server if they had
+ the intent to do so.
+
+
Assuming that you've created a user named *zenoss* on your RabbitMQ servers for
monitoring purposes, you can follow these steps to allow the *zenoss* user to
run ``rabbitmqctl``.
-1. Copy RabbitMQ's Erlang cookie to the *zenoss* user's home directory.
+1. Copy RabbitMQ's Erlang cookie to the *zenoss* user's home directory::
.. sourcecode:: bash
@@ -178,24 +195,6 @@ run ``rabbitmqctl``.
echo 'export PATH="$PATH:/usr/sbin"' >> /home/zenoss/.bashrc
-.. warning::
-
- There's a very good reason for this restriction. Once a user is allowed to
- execute the ``rabbitmqctl`` command, they are able to perform the following
- actions.
-
- - Stop, Start or Reset RabbitMQ
- - Control a RabbitMQ Cluster
- - Close Open Connections
- - Manage Users and Security
- - Manage VHosts
-
- In a nutshell, this means that any user with permission to run
- ``rabbitmqctl`` can wreak total havoc on your RabbitMQ server if they had
- the intent to do so.
-
-
-
Screenshots
===============================================================================

0 comments on commit de31e2f

Please sign in to comment.