I am in the context of providing Redis as a managed service. So I want to provision Redis and have 2 users at the beginning.
- healthcheck: would do healthchecks like a ping.
- default: with an initial password and removed categories like @admin to remove the CONFIG SET command in order to not be able to mess with the config.
The user of that Redis should be able to change their own password so that the provider only knows the initial password.
Possibly even create new users for themselves without having access to certain @admin commands.
Here is an example of me trying to figure out how to achieve my goal:
users.acl
```
user admin on +@all ~* >admin
user healthcheck on -@all +@connection ~* >healthcheck
user default on +@all -@admin +ACL|SETUSER +ACL|SAVE +ACL|GENPASS +ACL|LOAD ~* >password
```
But as soon as the user is allowed to use the ACL SETUSER command they can just create a new user with @admin rights.
Now they can delete the healthcheck user and mess around with the CONFIG SET commands.
The solution in my mind would be to have a command that only allows changing their own password. But I think that does not exist.
If this does not exist, would it make sense to open a feature request for this? I am not sure if this use case is in the scope of Redis.
Additionally, is it possible to restrict creating users with certain categories like @admin?
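
An added example, not part of the original post: a small Python audit of a users.acl file that reports which users hold ACL SETUSER without holding CONFIG SET, the situation described above. It uses a simplified model of Redis ACL rule evaluation; the function names, verdict labels and category table are assumptions, and the sample file is constructed from the one in the post.

```python
# Added example (not from the post). Assumption: simplified Redis ACL model,
# command rules applied left to right; key patterns and selectors are ignored.
# Assumed from the Redis command table: both commands are in these categories.
COMMAND_CATEGORIES = {
    "acl|setuser": {"admin", "slow", "dangerous"},
    "config|set": {"admin", "slow", "dangerous"},
}
# Constructed sample, modelled on the users.acl in the post.
SAMPLE_ACL = """\
user admin on +@all ~* >admin
user healthcheck on -@all +@connection ~* >healthcheck
user default on +@all -@admin +ACL|SETUSER +ACL|SAVE +ACL|GENPASS +ACL|LOAD ~* >password
"""

def can_run(rules, command):
    """Return True if the rule list leaves `command` (e.g. 'acl|setuser') allowed."""
    parent = command.split("|")[0]
    allowed = False  # a new user starts with no commands
    for rule in (r.lower() for r in rules):
        if rule in ("allcommands", "+@all"):
            allowed = True
        elif rule in ("nocommands", "-@all"):
            allowed = False
        elif rule[:2] in ("+@", "-@"):
            if rule[2:] in COMMAND_CATEGORIES[command]:
                allowed = rule[0] == "+"
        elif rule[0] in "+-" and rule[1:] in (command, parent):
            allowed = rule[0] == "+"
    return allowed

def audit(acl_text):
    """Map each user to 'admin', 'escalation-path' or 'restricted'."""
    findings = {}
    for line in acl_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "user":
            continue
        name, rules = fields[1], fields[2:]
        if not can_run(rules, "acl|setuser"):
            findings[name] = "restricted"
        elif can_run(rules, "config|set"):
            findings[name] = "admin"
        else:
            # ACL SETUSER can define a +@all user, so -@admin is not a boundary.
            findings[name] = "escalation-path"
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_ACL))
```

Any user reported as `escalation-path` has been granted ACL SETUSER on top of a reduced command set, so the reduction does not hold as a boundary.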