couchdb-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Paul Davis <>
Subject Re: The Strange Case of the Overarching Admin Accounts
Date Fri, 04 Sep 2009 17:49:16 GMT

It sounds like CouchDB is still reading the old configuration chain
even when you try and discard it. I don't have the time right now to
check, but to diagnose what's going on, you could put in an io:format
in couch_app:get_ini_files/1 to print what's being read. Assuming that
it is bundling in the local.ini for some reason it'd just be a matter
of going back into the couchdb script to see what's being sent in. Or
alternatively, just put an echo in the CouchDB script to see what's
being sent.

Those mechanics did change semi recently so there could be a regression.

Paul Davis

On Fri, Sep 4, 2009 at 1:32 PM, eric
casteleijn<> wrote:
> I'm having a problem that is making me doubt my sanity, and I wonder if
> someone can reproduce this or tell me how I'm stupid:
> I have a system couchdb server installed, and have added an admin account to
> it with this command:
> curl -X PUT http://localhost:5984/_config/admins/thisfred3 -d '"password3"'
> That works fine, the admin account is written to /etc/couchdb/local.ini with
> a hashed password as one would expect, and persists between couchdb
> sessions. Wonderful.
> Now when I start up a different couchdb server (after stopping the system
> one, but I don't really think that matters.) on a different port, with a
> different (newly created) db_dir and a completely different .ini file, like
> so:
> /usr/bin/couchdb -n -a
> /tmp/tmpnLQLQu/xdg_config/desktop-couch/desktop-couchdb.ini -p
> /tmp/tmpnLQLQu/xdg_cache/desktop-couch/ -o
> /tmp/tmpnLQLQu/xdg_cache/desktop-couch/desktop-couchdb.stdout -e
> /tmp/tmpnLQLQu/xdg_cache/desktop-couch/desktop-couchdb.stderr -b
> I can connect to this server, but not create databases or manipulate design
> documents, because it will throw a 401 unauthorized.
> Removing the [admins] section from /etc/couchdb/local.ini and trying the
> above command again, will let me happily do anything an admin can do,
> without asking for authentication.
> When I ask for the chain, by doing:
> /usr/bin/couchdb -n -a
> /tmp/tmpnLQLQu/xdg_config/desktop-couch/desktop-couchdb.ini -c
> I get what I'd expect:
> /tmp/tmpnLQLQu/xdg_config/desktop-couch/desktop-couchdb.ini
> So emphatically *not* /etc/couchdb/local.ini
> This looks like it may be a bug, but I'm not 100% sure, so can anyone tell
> me if they see the same behavior, and find it as strange as I do, or if I'm
> just doing it wrong?
> --
> - eric casteleijn

View raw message