I am not sure if this is an issue in the documentation or in the actual ACL code; please feel free to close this and forward it to the right location.
The ACL LIST documentation says that "Each line in the returned array defines a different user, and the format is the same used in the redis.conf file or the external ACL file, so you can cut and paste what is returned by the ACL LIST command directly inside a configuration file if you wish", but that is not fully true. Here's an example where the returned string is not valid:
127.0.0.1:6379> acl setuser alice (~bar))
OK
127.0.0.1:6379> acl list
1) "user alice off resetchannels -@all (~bar) resetchannels -@all)"
2) "user default on nopass ~* &* +@all"
127.0.0.1:6379> acl setuser alice off resetchannels -@all (~bar) resetchannels -@all)
(error) ERR Error in ACL SETUSER modifier '-@all)': Unknown command or category name in ACL
And when I try to put it in a file and run the redis server, I get the following error:
# Aborting Redis startup because of ACL errors: test-redis-acl.acl:1: Error in applying operation '-@all)': Unknown command or category name in ACL. WARNING: ACL errors detected, no change to the previously active ACL rules was performed
Comment From: enjoy-binbin
(~bar)), it looks like the extra ) breaks the rule. I can take a look at the code this weekend.
Comment From: enjoy-binbin
alice off resetchannels -@all (~bar) resetchannels -@all)
So this looks like it is in ACL SETUSER, in ACLMergeSelectorArguments: due to the extra ) in (~bar), it cannot find the last ).
@madolson do you have any thoughts about it? Maybe it can be put in https://github.com/redis/redis/issues/11475
Comment From: madolson
That looks like a syntax error we need to fix.
"user alice off resetchannels -@all (~bar) resetchannels -@all)"
It looks wrong, but it would be valid to just have ~bar), so I think the selector should support the same syntax. I think we need to properly escape it.
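Added example, not part of the thread and not Redis's own code: a pre-load check for ACL LIST output or ACL file lines that flags the round-trip failure reported above. It assumes a simplified model of the merging behavior described in the comments (a token starting with `(` opens a selector that ends at the first token ending with `)`); the function names are hypothetical.

```python
# Simplified model of selector-argument merging (an assumption based on the
# thread's description; this is not the Redis implementation).

def merge_selector_args(tokens):
    """Join tokens from one starting with '(' up to the first one ending with ')'."""
    merged, i = [], 0
    while i < len(tokens):
        if tokens[i].startswith("("):
            j = i
            while j < len(tokens) and not tokens[j].endswith(")"):
                j += 1
            if j == len(tokens):
                raise ValueError("unterminated selector starting at %r" % tokens[i])
            merged.append(" ".join(tokens[i:j + 1]))
            i = j + 1
        else:
            merged.append(tokens[i])
            i += 1
    return merged


def unsafe_selectors(setuser_args):
    """Selectors whose last inner rule itself ends with ')', e.g. '(~bar))'.

    These are accepted by ACL SETUSER but are listed in a form that the
    merge step later closes too early.
    """
    return [t for t in merge_selector_args(setuser_args)
            if t.startswith("(") and t[1:-1].endswith(")")]


def roundtrip_problems(acl_line):
    """Reasons a 'user <name> <rules...>' line would fail to load again."""
    fields = acl_line.split()
    if len(fields) < 2 or fields[0] != "user":
        return ["not a 'user <name> ...' line"]
    try:
        merged = merge_selector_args(fields[2:])
    except ValueError as exc:
        return [str(exc)]
    # A +/- rule ending in ')' outside a selector means a selector closed early.
    return ["rule %r ends with ')' outside any selector" % t
            for t in merged
            if not t.startswith("(") and t[0] in "+-" and t.endswith(")")]


# The two lines returned by ACL LIST in the report above.
LISTED = [
    "user alice off resetchannels -@all (~bar) resetchannels -@all)",
    "user default on nopass ~* &* +@all",
]

if __name__ == "__main__":
    for line in LISTED:
        print(line, "->", roundtrip_problems(line) or "ok")
```

Running `roundtrip_problems` over ACL LIST output before writing it to an ACL file catches the line that would otherwise abort startup.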