a

Remove the User Cassandra from DataStaxApache Cassandra Installations

Whenever you’re installing a new DataStaxApache Cassandra cluster, you need to remember to remove the user cassandra. We’ve seen this at a couple of customer installations now. If you do not change the user cassandra or at least alter the roles for the user cassandra. then you’re liable to see all sort of nasty repercussions. […]

Whenever you’re installing a new DataStaxApache Cassandra cluster, you need to remember to remove the user cassandra.
We’ve seen this at a couple of customer installations now. If you do not change the user cassandra or at least alter the roles for the user cassandra. then you’re liable to see all sort of nasty repercussions. The cassandra user uses  a consistency level of QUORUM when querying keyspaces like ‘system_auth’. Hence, you may see significant performance degradation because each query will need to have confirmation.
In your Cassandra system log files, you’ll most likely see
WARN 2018-12-07 17:20:12,047 ClientState.java:372 - User ‘cassandra’ logged in from /10.0.0.4:48220. It is strongly recommended to create and use another user and grant it superuser capabilities and remove the default one. See http://docs.datastax.com/en/dse/6.0/dse-admin/datastax_enterprise/security/Auth/secCreateRootAccount.html
For security and performance reasons, you will almost always want to remove or alter the cassandra user and create a new super user.
We usually prescribe the following steps to alter the super user and create a new super user.
1. Login with cqlsh.

cqlsh -u cassandra -p cassandra

2. Create a new superuser.

cassandra@cqlsh> CREATE ROLE [new_superuser] WITH PASSWORD = '[secure_password]' AND SUPERUSER = true AND LOGIN = true;

3. Logout by typing exit at the command prompt.

exit

4. Log back in with your new credentials

cqlsh -u [new_superuser] -p [secure_password]

5. For security purposes, change the cassandra user password

alter user cassandra with password '[new_password]';

6. Remove the super privileges from the cassandra user.

superuser@cqlsh> ALTER ROLE cassandra WITH PASSWORD = 'cassandra' AND SUPERUSER = false AND LOGIN = false;
superuser@cqlsh> REVOKE ALL PERMISSIONS ON ALL KEYSPACES FROM cassandra;

7. Grant all permissions to your super account.

superuser@cqlsh> GRANT ALL PERMISSIONS ON ALL KEYSPACES TO [superuser];

DataStax AllCode



			

Related Articles

3 Ways Gen AI and AWS can Enhance Your Business

3 Ways Gen AI and AWS can Enhance Your Business

Amazon is on the cutting edge of new technologies. They have been increasingly experimenting with AI and learning algorithms, culminating in their most recent breakthroughs in Generative AI. Developers and technology enthusiasts have access to their innovations through the tools available on AWS.

Business Owner’s Guide to DevOps Essentials

Business Owner’s Guide to DevOps Essentials

As a business owner, it’s essential to maximize workplace efficiency. DevOps is a methodology that unites various departments to achieve business goals swiftly. Maintaining a DevOps loop is essential for the health and upkeep of deployed applications.