Redis ACL algorithm allows you to lock yourself out (and remove all access)

I was playing around with ACLs and noticed that it is possible to remove all access without the possibility to recover - unless you stop the instance.

$ ./redis-server
$ ./redis-cli -s /tmp/redis.sock
redis /tmp/redis.sock> acl setuser default on nopass resetkeys -@dangerous

I understand that this might be the intended behavior and I am ok with that. After all admins are supposed to think before they type. ;-)

However, it should be noted in the documentation.

Comment From: tessus

Any comment? We can close this, if this is working as designed.

Comment From: tessus

Still no comment on this matter?

Comment From: antirez

Hello @tessus, yes this is the intended behavior, however if you use an ACL file, actually you can modify the ACL file. What you cannot do is to reload the ACL, so perhaps a solution to this problem would be to have a signal that forces Redis to reload the ACL file, so that is possible to login in the instance where Redis is running, kill -SIGUSR2 or alike the instance after modifying the ACL file, and have it accessible again.

Comment From: tessus

Thanks @antirez for the reply. Yes, this would be a good compromise.

However, in my example you'd be locked out forever, because I wasn't using an ACL file. I am not saying that this behavior is stupid or wrong, but that it should be properly documented. I was suprised that I could actually lock myself out and render the instance unusable.