Redis: Failed opening .rdb for saving: Permission denied
You should check your redis.conf file to see the permissions in dir and dbfilename. If the file named in the dbfilename which is located in the path specified in the dir path exists and the permission is also right. then the problem should be fixed.
Hope this will help someone.
P.S.
To find the redis.conf
file location, you can use the #ps ax | grep redis
to check. Usually it will be passed to the redis-server
as input file.
For the dir permissions:it should be 755
, for the dbfilename, it should be 644
Sometimes you also need to use top
command to check whether the user:group
of the redis-server
and the owner of dir are consistent. i.e. The redis-server
is running by redis:redis, but the dir is under root:root. In this case, you need to chown redis:redis -R dir
.
Redis permission denied while opening dump.rdb
It seems that the official redis image is using an applicative user to run the redis-server and not root(which is a security best practice) regardless of USER definition - I extracted this from the image's entrypoint shell script:
# allow the container to be started with `--user`
if [ "$1" = 'redis-server' -a "$(id -u)" = '0' ]; then
find . \! -user redis -exec chown redis '{}' +
exec gosu redis "$0" "$@"
fi
when mounting a volume to a container, it is owned by the root user, it will override the default directory in the image's layer along with previous permissions.
It seems that the redis image intentions were not to expose the '/var/lib/redis' dir as a volume, instead they offer mounting to '/data/' for persistence:
If persistence is enabled, data is stored in the VOLUME /data, which can be used with --volumes-from some-volume-container or -v /docker/host/dir:/data (see docs.docker volumes).
For more about Redis Persistence, see http://redis.io/topics/persistence.
AWS-EC2 Redis-server RDB snapshot write error
Well this is very embarrassing to post answer of own question, which was a really stupid mistake. But hope new folks here learns from my mistake too.
So first thing I have done is enable detail logs for redis-server in
/etc/redis/redis.conf
file by changinglog_level
option todebug
.Observe the logs and understand that my redis port
6379
was open for everyone on internet.
So from logs I observe that someone else's server is spoofing into my redis server and making it slave of it. And as my redis server is configure in a way that slave is read-only
, when i try to access my redis-server it throw error of read-only.
- After applying the fire-wall for redis server port, I have not encounter this issue anymore.
Related Topics
Read Serial Data Without High CPU Use
Identify Program That Connects to a Unix Domain Socket
Why I Am Not Getting Signal Sigkill on Kill -9 Command in Bash
Install Library in Home Directory
How to Find a Tutorial on The Writing of Makefiles
Difference Between "Machine Hardware" and "Hardware Platform"
Copy File Permissions, But Not Files
The Repository 'Http://Dl.Google.Com/Linux/Chrome/Deb Stable Release' Is Not Signed
Find Which Program Caused a Core Dump File
Set Environment Variables in an Aws Instance
Why Does The Call Latency on Clock_Gettime(Clock_Realtime, ..) Vary So Much
Using Netcat to Pipe Unix Socket to Tcp Socket