problem with rabbitmq account

Posted May 28, 20203 min read

rabbitmq's web management interface cannot log in using guest users
================================================== ===============================

After installing the latest version of rabbitmq(3.3.1) and enabling the management plugin, the default account guest is used to log in to the management console, but it prompts that the login failed.

After looking at the official release document, I learned that because the guest account has all operating rights and is the default account, for security reasons, the guest user can only log in through localhost, and it is recommended to modify the guest user's password and create a new one Other account management uses rabbitmq(this feature was introduced in version 3.3.0).

Although it can be done in a more cumbersome way:delete "<" guest ">> in loopback \ _users in rabbit.app in the ebin directory,
And restart rabbitmq, you can use the guest account to log in to the management console through any IP, but it always violates the designer's original intention, plus there is not much knowledge about this before, so it is necessary to summarize.

1 . User Management

User management includes adding users, deleting users, viewing user lists, and modifying user passwords.

Corresponding command

(1) Add a user

rabbitmqctl add \ _user Username Password

(2) Delete a user

rabbitmqctl delete \ _user Username

(3) Modify the user's password

rabbitmqctl change \ _password Username Newpassword

(4) View the current user list

rabbitmqctl list \ _users

2 . User role

According to personal understanding, user roles can be divided into five categories, super administrators, monitors, policy makers, general managers and others.

(1) Super administrator(administrator)

You can log in to the management console(when the management plugin is enabled), you can view all the information, and you can operate on users and policies.

(2) Monitoring(monitoring)

You can log in to the management console(when the management plugin is enabled), and you can also view the relevant information of the rabbitmq node(number of processes, memory usage, disk usage, etc.)

(3) Policy maker

You can log in to the management console(when the management plugin is enabled), and you can manage the policy at the same time. However, it is impossible to view the relevant information of the node(the part marked by the red box in the above figure).

Compared with administrator, administrator can see these contents

(4) General management(management)

You can only log in to the management console(when the management plugin is enabled), you cannot see the node information, and you cannot manage the policies.

(5) Other

Unable to log in to the management console, usually ordinary producers and consumers.

After understanding these, you can set different roles for different users according to your needs, so that you can manage them on demand.

The command to set the user role is:

rabbitmqctl set \ _user \ _tags User Tag

User is the user name and Tag is the role name(corresponding to the above administrator, monitoring, policymaker, management, or other custom name).

You can also set multiple roles for the same user, for example

rabbitmqctl set \ _user \ _tags hncscwc monitoring policymaker

3 . User permissions

The user authority refers to the user's operation authority on exchange and queue, including configuration authority and read-write authority. Configuration permissions will affect the declaration and deletion of exchanges and queues. The read and write permissions affect the fetching of messages from the queue, the sending of messages to the exchange, and the bind operation of the queue and the exchange.

For example:To bind a queue to an exchange, you need to have the queue's write permission and the exchange's read permission; sending a message to the exchange requires the exchange's write permission; to fetch data from the queue requires the queue's read permission . For details, please refer to the "How permissions work" section in the official documentation.

The relevant commands are:

(1) Set user permissions

rabbitmqctl set \ _permissions -p VHostPath User ConfP WriteP ReadP

(2) View(specify hostpath) permission information of all users

rabbitmqctl list \ _permissions \ [-p VHostPath ]

(3) View the permission information of the specified user

rabbitmqctl list \ _user \ _permissions User

(4) Clear user permission information

rabbitmqctl clear \ _permissions \ [-p VHostPath ]User