[rabbitmq-discuss] How do I protect rabbitmqctl?
Simon MacMullen
simon at rabbitmq.com
Mon Feb 7 13:04:55 GMT 2011
On 07/02/11 13:00, Max Bridgewater wrote:
> I've got a pretty simple question. I created a user called "root",
> then I set this user to admin (rabbitmqctl set_admin root) and cleared
> admin rights from from all other users (guest, etc.). Now, similar as
> when using mysql client, I was expecting that at some point, the tool
> rabbitmqctl would require credentials for creating new users and
> setting permissions. This doesn't seem to be the case. I'm missing
> something?
rabbitmqctl connects to Rabbit using the Erlang cookie. Possession of
this cookie is equivalent to being an admin user (the admin user flag is
used by the management plugin).
If you installed from .deb / RPM packages the cookie file should only be
available to the rabbitmq user (and thus root via the script wrappers).
If you installed by hand, check your home directory for .erlang.cookie
and set permissions as appropriate.
Cheers, Simon
--
Simon MacMullen
Staff Engineer, RabbitMQ
SpringSource, a division of VMware
More information about the rabbitmq-discuss
mailing list