[rabbitmq-discuss] How do I protect rabbitmqctl?

Simon MacMullen simon at rabbitmq.com
Mon Feb 7 13:04:55 GMT 2011

On 07/02/11 13:00, Max Bridgewater wrote:
> I've got a pretty simple question. I created a user called "root",
> then I set this user to admin (rabbitmqctl set_admin root) and cleared
> admin rights from from all other users (guest, etc.). Now, similar as
> when using mysql client, I was expecting that at some point, the tool
> rabbitmqctl would require credentials for creating new users and
> setting permissions. This doesn't seem to be the case. I'm missing
> something?

rabbitmqctl connects to Rabbit using the Erlang cookie. Possession of 
this cookie is equivalent to being an admin user (the admin user flag is 
used by the management plugin).

If you installed from .deb / RPM packages the cookie file should only be 
available to the rabbitmq user (and thus root via the script wrappers). 
If you installed by hand, check your home directory for .erlang.cookie 
and set permissions as appropriate.

Cheers, Simon
Simon MacMullen
Staff Engineer, RabbitMQ
SpringSource, a division of VMware

More information about the rabbitmq-discuss mailing list