Clarify the neo4j-admin.conf file permissions for using `--expand-c… (#1621)

NataliaIvakina · web-flow · commit 60a884dfe404 · 2024-05-20T08:59:10.000+02:00
…… (#1591) …ommands`
diff --git a/modules/ROOT/pages/configuration/command-expansion.adoc b/modules/ROOT/pages/configuration/command-expansion.adoc
@@ -55,7 +55,9 @@ If they fail, Neo4j does not evaluate the script commands in _neo4j.conf_, and t
 
 On Unix (both Linux and Mac OS)::
 
-* The _neo4j.conf_ file must, at least, be readable by its owner or by the user-group to which the owner belongs.
+* The _neo4j.conf_ and _neo4j-admin.conf_ files must, at most, be readable or writable by their owner and readable by the user-group to which the owner belongs.
+The _neo4j-admin.conf_ file is a configuration file located in the same directory as the _neo4j.conf_ file.
+You can use the _neo4j-admin.conf_ file to provide administration-task-specific settings.
 * The Neo4j process must run as a user who is either the owner of the _neo4j.conf_ file or in the user-group which owns the _neo4j.conf_ file.
 
 [NOTE]
@@ -67,7 +69,26 @@ For example, the _neo4j.conf_ file can have no group permissions and only be rea
 
 On Windows::
 
-* The _neo4j.conf_ file must, at least, be readable by the user that the Neo4j process runs as.
+* The _neo4j.conf_ and _neo4j-admin.conf_ files must, at most, be readable/modifiable but not executable by the owner only.
+
+[NOTE]
+====
+The owner may have the following permissions from the Access Control List (ACL):
+
+* `READ_DATA`
+* `WRITE_DATA`
+* `APPEND_DATA`
+* `READ_ATTRIBUTES`
+* `WRITE_ATTRIBUTES`
+* `READ_NAMED_ATTRS`
+* `WRITE_NAMED_ATTRS`
+* `READ_ACL`
+* `WRITE_ACL`
+* `DELETE`
+* `DELETE_CHILD`
+* `WRITE_OWNER`
+* `SYNCHRONIZE`
+====
 
 == Logging
 
@@ -89,4 +110,4 @@ In this case, the execution stops and the server does not start.
 * Errors for incorrect values -- The returned value is not the one expected for the setting.
 In this case, the server does not start.
 
-For more information, see xref:tools/neo4j-admin/index.adoc#neo4j-admin-exit-codes[Exit codes].
+For more information, see xref:tools/neo4j-admin/index.adoc#neo4j-admin-exit-codes[Exit codes].
diff --git a/modules/ROOT/pages/configuration/file-locations.adoc b/modules/ROOT/pages/configuration/file-locations.adoc
@@ -69,12 +69,15 @@ File permissions:: Read only
 | Default file location
 
 | Linux / macOS / Docker | _<NEO4J_HOME>/conf/neo4j.conf_ +
+_<NEO4J_HOME>/conf/neo4j-admin.conf_ +
  _<NEO4J_HOME>/conf/server-logs.xml_ +
  _<NEO4J_HOME>/conf/user-log.xml_
 | Windows | _<NEO4J_HOME>\conf\neo4j.conf_ +
+_<NEO4J_HOME>\conf\neo4j-admin.conf_ +
 _<NEO4J_HOME>\conf\server-logs.xml_ +
 _<NEO4J_HOME>\conf\user-log.xml_
 | Debian / RPM | _/etc/neo4j/neo4j.conf_ +
+_/etc/neo4j/neo4j-admin.conf_ +
 _/etc/neo4j/server-logs.xml_ +
 _/etc/neo4j/user-log.xml_
 | Neo4j Desktop | From the _Open_ dropdown menu of your active Neo4j DBMS, select _Terminal_ and run `cd conf`.
