Couchbase Server / MB-19752

Using couchbase-cli to update the Administrator's password removes the Read-Only User account


Details

    • Bug
    • Resolution: Fixed
    • Critical
    • 3.1.6
    • 2.5.2, 3.1.5, 4.1.1, 4.5.0
    • ns_server
    • Security Level: Public
    • None
    • Untriaged
    • Unknown

    Description

      Background
      Using the Couchbase CLI to reset the administrator's password removes the read-only user account.

      Problem

      Steps to reproduce the problem
      1. Create a read-only user account and verify that it is available in the system

      root@Testing123:/home/couchbase# /opt/couchbase/bin/couchbase-cli user-manage -c localhost:8091 --set --ro-username=readonlyuser --ro-password=readonlypassword -u Administrator -p testingpassword123
      SUCCESS: readOnly user created
      root@Testing123:/home/couchbase# /opt/couchbase/bin/couchbase-cli user-manage --list -c localhost -u Administrator -p testingpassword123
      readonlyuser
      

      2. Verify with the configuration file

      root@Testing123:/home/couchbase# /opt/couchbase/bin/erl -noinput -eval 'case file:read_file("/opt/couchbase/var/lib/couchbase/config/config.dat") of {ok, B} -> io:format("~p~n", [binary_to_term(B)]) end.' -run init stop | grep -A 10 "creds"
      [[{read_only_user_creds,
         [{'_vclock',[{<<"236e47807567371a8867dce629f87740">>,{4,63631495583}}]}|
          {"readonlyuser",
           {password,
            {<<123,159,182,28,197,228,146,52,242,189,61,52,71,70,183,211>>,
             <<252,96,213,122,154,84,212,82,156,210,210,119,108,158,27,96,10,69,
               40,146>>}}}]},
        {uuid,
         [{'_vclock',[{<<"236e47807567371a8867dce629f87740">>,{1,63631495078}}]}|
          <<"739c12782b2b59bb0bd9f8a3c94c1d7e">>]},
        {rest_creds,
         [{'_vclock',[{<<"236e47807567371a8867dce629f87740">>,{2,63631495078}}]}|
          {"Administrator",
           {password,
            {<<19,13,29,34,58,109,165,232,50,159,3,57,212,185,27,169>>,
             <<127,223,122,81,153,12,173,88,252,238,205,132,91,249,47,183,214,
               124,34,189>>}}}]},
        {rest,[{port,8091}]},
        {{node,'ns_1@127.0.0.1',stop_xdcr},
         [{'_vclock',[{<<"236e47807567371a8867dce629f87740">>,{2,63627896718}}]}|
          '_deleted']},
      

      3. Reset Administrator's password

      root@Testing123:/home/couchbase# /opt/couchbase/bin/couchbase-cli cluster-edit --cluster-username=Administrator --cluster-password=couchbase -u Administrator -p testingpassword123 -c localhost
      SUCCESS: init/edit localhost
      

      4. Confirm that the read-only user account is no longer available

      root@Testing123:/home/couchbase# /opt/couchbase/bin/couchbase-cli user-manage --list -c localhost -u Administrator -p testingpassword123
      ERROR: not any read only user defined (404) Object Not Found
      Requested resource not found.
      

      5. Verify with the Couchbase config file

      root@Testing123:/home/couchbase# /opt/couchbase/bin/erl -noinput -eval 'case file:read_file("/opt/couchbase/var/lib/couchbase/config/config.dat") of {ok, B} -> io:format("~p~n", [binary_to_term(B)]) end.' -run init stop | grep -A 10 "creds"
      [[{read_only_user_creds,
         [{'_vclock',[{<<"236e47807567371a8867dce629f87740">>,{5,63631495773}}]}|
          null]},
        {rest_creds,
         [{'_vclock',[{<<"236e47807567371a8867dce629f87740">>,{3,63631495773}}]}|
          {"Administrator",
           {password,
            {<<69,166,156,181,181,51,14,252,127,251,239,171,173,128,156,1>>,
             <<162,154,105,137,33,244,232,53,213,102,156,165,115,254,195,146,
               131,221,68,92>>}}}]},
        {rest,[{port,8091}]},
        {uuid,
         [{'_vclock',[{<<"236e47807567371a8867dce629f87740">>,{1,63631495078}}]}|
          <<"739c12782b2b59bb0bd9f8a3c94c1d7e">>]},
      

      Confirmed: /opt/couchbase/bin/cbreset_password does not have the same problem
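
      Added example (not part of the original report and not Couchbase project code): a shell check that classifies the read_only_user_creds entry in the printed config dump from steps 2 and 5 and reports whether the read-only user survived the administrator password change. The function names and the shortened sample dumps are constructed for illustration; on a real node, pipe the output of the erl command shown above into ro_user_state.

```shell
# Added example: classify the read_only_user_creds entry in a printed config dump.
# Reads the pretty-printed dump on stdin and prints one of:
#   present:<name> | absent | unknown (key seen, value not recognised) | no-key
ro_user_state() {
    awk '
        /read_only_user_creds/ { seen = 1; at = NR }
        !seen || /_vclock/     { next }   # skip earlier keys and version-clock metadata
        NR - at > 3            { exit }   # do not read into the next key (e.g. rest_creds)
        match($0, /[{]"[^"]+",/) {
            print "present:" substr($0, RSTART + 2, RLENGTH - 4); hit = 1; exit
        }
        /null|_deleted/ { print "absent"; hit = 1; exit }
        END { if (!hit) print (seen ? "unknown" : "no-key") }
    '
}

# $1 = state before the admin password change, $2 = state after.
# Returns 0: same user still present; 1: user lost or changed; 2: no user existed before.
ro_user_survived() {
    case $1 in
        present:*) [ "$1" = "$2" ] ;;
        *) return 2 ;;
    esac
}

# Constructed sample dumps, shortened from the shape of the output in steps 2 and 5.
sample_before() { cat <<'EOF'
[[{read_only_user_creds,
   [{'_vclock',[{<<"node-a">>,{4,1}}]}|
    {"readonlyuser",
     {password,{<<1,2,3>>,<<4,5,6>>}}}]},
  {rest,[{port,8091}]},
EOF
}
sample_after() { cat <<'EOF'
[[{read_only_user_creds,
   [{'_vclock',[{<<"node-a">>,{5,2}}]}|
    null]},
  {rest_creds,
EOF
}

before=$(sample_before | ro_user_state); after=$(sample_after | ro_user_state)
ro_user_survived "$before" "$after" && echo "OK: $after" ||
    echo "REGRESSION: read-only user lost (before=$before after=$after)"
```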

            People

              artem Artem Stemkovski
              gary.wong Gary Wong (Inactive)