site/access-control.md
+5 -2 (5 additions & 2 deletions)
@@ -77,13 +77,16 @@ new user accounts with generated credentials instead.
77
77
## <aid="default-state"class="anchor"href="#default-state">Default Virtual Host and User</a>
78
78
79
79
When the server first starts running, and detects that its
80
-
database is uninitialised or has been deleted, it
80
+
database is uninitialised or has been reset or deleted (the node is a "blank node"), it
81
81
initialises a fresh database with the following resources:
82
82
83
83
* a [virtual host](./vhosts.html) named <code>/</code> (a slash)
84
84
* a user named <code>guest</code> with a default password of <code>guest</code>, granted full access to the <code>/</code> virtual host
85
85
86
-
It is advisable to [pre-configure a new user with a generated username and password](#seeding) or [delete](rabbitmqctl.8.html#delete_user)
86
+
If a blank node [imports definitions on boot](/definitions.html#import-on-boot-nuances),
87
+
this default user will not be created.
88
+
89
+
It is **highly recommended** to [pre-configure a new user with a generated username and password](#seeding) or [delete](rabbitmqctl.8.html#delete_user)
87
90
the `guest` user or at least [change its password](rabbitmqctl.8.html#change_password)
88
91
to reasonably secure generated value that won't be known to the public.
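Review bot: The new sentence at added lines 86-87 says only that "this default user will not be created", while the definitions text changed in this same commit says a blank node that imports a definition file "will not create the default virtual host and user". This section lists both the `/` virtual host and the `guest` user as default resources, so mention the virtual host here as well to keep the two pages consistent. Style point: the new link uses a root-relative path (`/definitions.html#import-on-boot-nuances`) while the neighbouring links are relative (`./vhosts.html`, `rabbitmqctl.8.html#delete_user`); use one form.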
### <aid="import-on-boot-nuances"class="anchor"href="#import-on-boot-nuances">Nuances of Boot-time Definition Import</a>
149
150
150
151
Definition import happens after plugin activation. This means that definitions related
151
152
to plugins (e.g. dynamic Shovels, exchanges of a custom type, and so on) can be imported at boot time.
152
153
153
154
The definitions in the file will not overwrite anything already in the broker.
154
-
However, if a blank (uninitialised) node imports a definition file, it will
155
-
not create the default virtual host and user.
155
+
156
+
If a blank (uninitialised) node imports a definition file, it will
157
+
not create the default virtual host and user. In **test or QA** environments,
158
+
an equivalent default user can be created via the same definitions file.
159
+
160
+
For **production** systems a new user with unique credentials must be created and used instead.
161
+
162
+
The below snippet demonstrates how the definitions file can be modified to
163
+
"re-create" the default user that would only be able to connect from `localhost` by default:
164
+
165
+
<preclass="lang-javascript">
166
+
"users": [
167
+
{
168
+
"name": "guest",
169
+
"password": "guest",
170
+
"tags": ["administrator"]
171
+
}
172
+
],
173
+
"permissions":[
174
+
{
175
+
"user":"guest",
176
+
"vhost":"/",
177
+
"configure":".*",
178
+
"read":".*",
179
+
"write":".*"}
180
+
],
181
+
</pre>
156
182
157
183
### <aid="import-on-boot-skip-if-unchanged"class="anchor"href="#import-on-boot-skip-if-unchanged">Avoid Boot Time Import if Definition Contents Have Not Changed</a>
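Review bot: The snippet at added lines 166-180 grants `guest` permissions on vhost `/` but contains no `"vhosts"` entry, even though the paragraph just above it says a blank node that imports definitions will not create the default virtual host. Add an entry such as `"vhosts": [{"name": "/"}]` to the snippet, or state that the virtual host must be defined elsewhere in the same file. The lead-in at added lines 162-163 says the user "would only be able to connect from `localhost` by default", yet nothing in the snippet expresses that restriction, so say where it comes from. Because the example sets a publicly known password together with the `administrator` tag, repeat the test/QA-only wording directly next to the snippet. Minor: the fragment ends with a trailing comma after `],`, the closing brace in `"write":".*"}` sits on the same line unlike the `users` entry, and the block is tagged `lang-javascript` although the content is JSON.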