Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[admins] config not hashed and updated in local.ini if any config files exist in local.d #5174

Open
allout58 opened this issue Aug 8, 2024 · 2 comments
Open

[admins] config not hashed and updated in local.ini if any config files exist in local.d #5174

allout58 opened this issue Aug 8, 2024 · 2 comments
Labels
bug needs-triage

Comments

@allout58
Copy link

allout58 commented Aug 8, 2024

Description

I am trying to configure a CouchDB instance on Rocky Linux 8. I have it installed and functioning, but if I put any configuration .ini files in etc/local.d, it seems to break the hash-and-update for admin passwords, both in files in local.d and in local.ini

Steps to Reproduce

  • Update etc/local.ini [admins] section to have, for example, admin = himom
  • Add a file etc/local.d/admins.ini with contents
[admins]
anotherAdmin = helloMother
  • Restart couchdb.service
  • View etc/local.ini and etc/local.d/admins.ini files to see that contents have not been updated with hashed passwords

Expected Behaviour

At a bare minimum, having config files in local.d should not break hashing and updating local.ini.

Ideally, I'd also like admin passwords in config files under local.d to be hashed and updated as well.

Your Environment

{"couchdb":"Welcome","version":"3.3.3","git_sha":"40afbcfc7","uuid":"7ca12332e50b19feef607ad452e6df09","features":["access-ready","partitioned","pluggable-storage-engines","reshard","scheduler"],"vendor":{"name":"The Apache Software Foundation"}}

  • CouchDB version used: 3.3.3
  • Browser name and version: N/A
  • Operating system and version: Rocky Linux 8.9

Additional Context

I have not tried having any configuration files under default.d to know if the same problem occurs.

I know that [admins] section in local.d/admins.ini is being read as I can log into Fauxton with the credentials set there

This is not just related to [admins] section in local.d, any configuration files in there cause this issue.
@justinclloyd
Copy link

Hitting this same issue in Ubuntu 22.04.

{
  "couchdb": "Welcome",
  "version": "3.3.3",
  "git_sha": "40afbcfc7",
  "uuid": "REDACTED",
  "features": [
    "access-ready",
    "partitioned",
    "pluggable-storage-engines",
    "reshard",
    "scheduler"
  ],
  "vendor": {
    "name": "The Apache Software Foundation"
  }
}

@nickva
Copy link
Contributor

nickva commented Sep 5, 2024

.ini files are read in a hierarchy. The later ones override the early ones. It goes something like default.ini, default.d/*.ini, local.ini and local.d/*.ini. The *.ini ones are sorted, so typically there you'd want to add a numeric prefix indicating the order it should be local.d/10-admins.ini vs local.d/50-admins.ini.

Config values are written to the last file in the chain, so make sure to put your admins in the last file in the chain, say local.d/80-mysettings.ini for instance. Another approach is to pre-hash the password with an external tool. This is a bit more advanced but then it wouldn't rely on writing to the last .ini file rule.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug needs-triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@nickva @allout58 @justinclloyd