CouchDB only writes to the final file in the config chain #777

Open
S-Aggarwal opened this issue Aug 24, 2017 · 7 comments

@S-Aggarwal

Expected Behavior

If you add a new admin using the [admins] section of the local.ini file, the password should get salted and encrypted (using pbkdf2) after restarting CouchDB.

Current Behavior

The password remains in plaintext while a copy is created in the 10-admins.ini file in the local.d directory where the encrypted password is stored.

Files after restarting CouchDB:
local.ini

[admins]
;admin = mysecretpassword
testadmin = testpass

local.d/10-admins.ini

[admins]
testadmin = -pbkdf2-1c9e78dae1afdf034b5777a62a8a7e8a0c8e93fd,56a7565edee375ebb7cb872185ea364c,10

Possible Solution

Edit local.ini with encrypted password as well after parsing it on start-up.

Your Environment

  • Version used: CouchDB 2.1.0
  • Operating System and version (desktop or mobile): Ubuntu 16.04
@wohali
Member

wohali commented Aug 25, 2017

CouchDB always writes to the last file in the config chain, which draws files in the following order:

etc/default.ini
etc/default.d/* (processed in alphanumeric order)
etc/local.ini
etc/local.d/* (same)

What you are observing is the current behaviour: if you have an etc/local.d/whatever.ini file, the encrypted password will be written there, not into etc/local.ini.

Improving this functionality is useful, and something that's been on the verbal backlog for a while, but will require a near-complete rewrite of the current config system. (Read: this won't happen very soon, nor is it strictly speaking a bug.)

I will retitle this issue and leave it open to track future work.
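
As an added example (not CouchDB's code and not written by anyone in this thread): a Python check that walks the config chain in the order listed above, flags every [admins] entry whose value lacks the -pbkdf2- prefix, and reports the last file in the chain that defines each user. The function names and the `*.ini` glob are assumptions, and the sample files are constructed from the state reported in this issue, with a placeholder in place of the hash.

```python
import configparser
import tempfile
from pathlib import Path

# Prefix of the hashed form shown in this issue; other schemes are not handled here.
HASH_PREFIX = "-pbkdf2-"

def config_chain(etc):
    """Existing files in chain order: default.ini, default.d/*, local.ini, local.d/*."""
    etc, chain = Path(etc), []
    for base in ("default", "local"):
        chain.append(etc / f"{base}.ini")
        subdir = etc / f"{base}.d"
        if subdir.is_dir():
            # Assumption: only *.ini files in the .d directories are config files.
            chain.extend(sorted(subdir.glob("*.ini")))
    return [p for p in chain if p.is_file()]

def audit_admins(etc):
    """Return (plaintext, effective).

    plaintext: (file, user) for every [admins] value lacking the hash prefix.
    effective: user -> last file in the chain that defines that user.
    """
    etc, plaintext, effective = Path(etc), [], {}
    for path in config_chain(etc):
        cp = configparser.ConfigParser(interpolation=None, strict=False)
        cp.optionxform = str  # keep user names case-sensitive
        cp.read(path)
        if not cp.has_section("admins"):
            continue
        rel = path.relative_to(etc).as_posix()
        for user, value in cp.items("admins"):
            effective[user] = rel
            if not value.startswith(HASH_PREFIX):
                plaintext.append((rel, user))
    return plaintext, effective

def build_sample(root):
    """Constructed sample: the file state reported in this issue (hash is a placeholder)."""
    etc = Path(root)
    (etc / "local.d").mkdir(parents=True, exist_ok=True)
    (etc / "local.ini").write_text("[admins]\n;admin = mysecretpassword\ntestadmin = testpass\n")
    (etc / "local.d" / "10-admins.ini").write_text("[admins]\ntestadmin = -pbkdf2-PLACEHOLDER,SALT,10\n")
    return etc

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        plaintext, effective = audit_admins(build_sample(tmp))
        for rel, user in plaintext:
            print(f"plaintext password for {user!r} in {rel}; effective value is in {effective[user]}")
```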

wohali changed the title from "Adding admins through local.ini doesn't encrypt passwords after restart" to "CouchDB only writes to the final file in the config chain" on Aug 25, 2017
@ahayes

ahayes commented Jun 19, 2018

This gave me quite a bit of grief today. Note that this behaviour does not match the documentation at https://docs.couchdb.org/en/2.1.1/config/auth.html#server-administrators

A side-effect is that attempting to reset the admin password using the local.ini file doesn't seem to take hold. I now assume this is because it doesn't consider the local.ini version to be relevant when there is a local.d/10-admins.ini file present with the same user listed in it. Only new users have their info copied over.

@wohali
Member

wohali commented Jun 19, 2018

Thanks for the info @ahayes. We'd welcome your improvements to the documentation over at https://github.com/apache/couchdb-documentation. Pull requests are welcome! :)

@ahayes

ahayes commented Jun 19, 2018

Thanks @wohali. I can give it a shot. Can you confirm that this new behaviour is standard on all couchdb platforms? I could then modify the docs to simply point at the 10-admins.ini file rather than local.ini sections talking about [admins]. Also, do you know which version introduced this change?

@wohali
Member

wohali commented Jun 19, 2018

10-admins.ini is specific to how the Debian package installer works, so no, that's not global. The described behaviour here is new as of 2.0.0, which is when many breaking changes were introduced.

ahayes added a commit to ahayes/couchdb-documentation that referenced this issue Jun 19, 2018
@janl
Member

janl commented Jul 14, 2018

@wohali what about swapping local.ini and local.d/ in the chain, so that local.ini reigns supreme?

@wohali
Member

wohali commented Jul 15, 2018

@janl That would break the approach @kocolosk has set up for the Docker images, kubernetes and the helm chart. It also would be backwards compatibility breaking. I don't like it.

wohali pushed a commit to apache/couchdb-documentation that referenced this issue Nov 15, 2018
* Clarify use of relevant [admins] section

Helps with issue apache/couchdb#777
nickva pushed a commit to nickva/couchdb that referenced this issue Sep 7, 2022
* Clarify use of relevant [admins] section

Helps with issue apache#777