gh15684 allows user rabbitmq to run rabbitmq-plugins command

[manojkrgupta]

Proposed Changes

Please describe the big picture of your changes here to communicate to the RabbitMQ team why we should accept this pull request.
If it fixes a bug or resolves a feature request, be sure to link to that issue.

A pull request that doesn't explain why the change was made has a much lower chance of being accepted.

Types of Changes

What types of changes does your code introduce to this project?
Put an x in the boxes that apply

• Bug fix (non-breaking change which fixes issue #NNNN)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause an observable behavior change in existing systems)
• Documentation improvements (corrections, new content, etc)
• Cosmetic change (whitespace, formatting, etc)
• Build system and/or CI

Checklist

Put an x in the boxes that apply.
You can also fill these out after creating the PR.
This is simply a reminder of what we are going to look for before merging your code.

• Mandatory: I (or my employer/client) have have signed the CA (see https://github.com/rabbitmq/cla)
• I have read the CONTRIBUTING.md document
• I have added tests that prove my fix is effective or that my feature works
• All tests pass locally with my changes
• If relevant, I have added necessary documentation to https://github.com/rabbitmq/rabbitmq-website
• If relevant, I have added this change to the first version(s) in release-notes that I expect to introduce it

Further Comments

If this is a relatively large or complex change, kick off the discussion by explaining why you chose the solution
you did and what alternatives you considered, etc.

[michaelklishin]

This was discussed multiple times.

This behavior is by design and only affects only Debian and RPM packages.

[manojkrgupta]

Thanks @michaelklishin Michael for looking into this.

• This also impacts alpine, and adding the PR will allow the rabbitmq user to work fine everywhere.
• If you could shed some light on the side effects of this PR -- I will be happily convinced.
• But for now, I don't see any side effect.

small demo (recreation steps)

]$ docker run -it --rm --entrypoint=sh alpine                  
/ # apk update

/ # grep  rabbitmq /etc/passwd || echo "user=rabbitmq not present"
user=rabbitmq not present

/ # apk add rabbitmq-server
....

/ # grep  rabbitmq /etc/passwd || echo "user=rabbitmq not present"
rabbitmq:x:100:101:RabbitMQ Server:/var/lib/rabbitmq:/sbin/nologin

/ # su -s /bin/sh rabbitmq -c "whoami"
rabbitmq

/ # su -s /bin/sh rabbitmq -c "rabbitmq-plugins set rabbitmq_top rabbitmq_shovel"

Usage

rabbitmq-plugins [--node <node>] [--timeout <timeout>] [--longnames] [--quiet] <command> [<command options>]

Available commands:

Help:

   autocomplete  Provides command name autocomplete variants
   help          Displays usage information for a command
   version       Displays CLI tools version

Monitoring, observability and health checks:

   directories   Displays plugin directory and enabled plugin file paths
   is_enabled    Health check that exits with a non-zero code if provided plugins are not enabled on target node

Plugin Management:

   disable       Disables one or more plugins
   enable        Enables one or more plugins
   list          Lists plugins and their state
   set           Enables one or more plugins, disables the rest

Use 'rabbitmq-plugins help <command>' to learn more about a specific command

Only root or rabbitmq can run rabbitmq-plugins

/ # 

[lukebakken]

@manojkrgupta see this PR which will address the message that lead to all of this confusion:

#15701

Requiring root to run rabbitmq-plugins is the correct behavior as pointed out here.