Failed Opening The Rdb File ... Read-Only File System

Redis: Failed opening .rdb for saving: Permission denied

You should check your redis.conf file to see the permissions in dir and dbfilename. If the file named in the dbfilename which is located in the path specified in the dir path exists and the permission is also right. then the problem should be fixed.

Hope this will help someone.

P.S.

To find the redis.conf file location, you can use the #ps ax | grep redis to check. Usually it will be passed to the redis-server as input file.

For the dir permissions:it should be 755, for the dbfilename, it should be 644

Sometimes you also need to use top command to check whether the user:group of the redis-server and the owner of dir are consistent. i.e. The redis-server is running by redis:redis, but the dir is under root:root. In this case, you need to chown redis:redis -R dir.

Redis permission denied while opening dump.rdb

It seems that the official redis image is using an applicative user to run the redis-server and not root(which is a security best practice) regardless of USER definition - I extracted this from the image's entrypoint shell script:

# allow the container to be started with `--user`
if [ "$1" = 'redis-server' -a "$(id -u)" = '0' ]; then
    find . \! -user redis -exec chown redis '{}' +
    exec gosu redis "$0" "$@"
fi

when mounting a volume to a container, it is owned by the root user, it will override the default directory in the image's layer along with previous permissions.

It seems that the redis image intentions were not to expose the '/var/lib/redis' dir as a volume, instead they offer mounting to '/data/' for persistence:

If persistence is enabled, data is stored in the VOLUME /data, which can be used with --volumes-from some-volume-container or -v /docker/host/dir:/data (see docs.docker volumes).

For more about Redis Persistence, see http://redis.io/topics/persistence.

AWS-EC2 Redis-server RDB snapshot write error

Well this is very embarrassing to post answer of own question, which was a really stupid mistake. But hope new folks here learns from my mistake too.

  • So first thing I have done is enable detail logs for redis-server in /etc/redis/redis.conf file by changing log_level option to debug.

  • Observe the logs and understand that my redis port 6379 was open for everyone on internet.

So from logs I observe that someone else's server is spoofing into my redis server and making it slave of it. And as my redis server is configure in a way that slave is read-only, when i try to access my redis-server it throw error of read-only.

  • After applying the fire-wall for redis server port, I have not encounter this issue anymore.

Related Topics

Read Serial Data Without High CPU Use

Linux Thread Synchronization

Identify Program That Connects to a Unix Domain Socket

Why I Am Not Getting Signal Sigkill on Kill -9 Command in Bash

Install Library in Home Directory

How to Find a Tutorial on The Writing of Makefiles

Difference Between "Machine Hardware" and "Hardware Platform"

How to Get Gmt Time in Unix

Copy File Permissions, But Not Files

The Repository 'Http://Dl.Google.Com/Linux/Chrome/Deb Stable Release' Is Not Signed

Find Which Program Caused a Core Dump File

How to Terminate Gdbserver

Set Environment Variables in an Aws Instance

Linux Kernel Exported Symbols

Why Does The Call Latency on Clock_Gettime(Clock_Realtime, ..) Vary So Much

Using Netcat to Pipe Unix Socket to Tcp Socket

Getting Function Arguments Using Kprobes

How to Get Screen Dpi (Linux,Mac) Programatically


Leave a reply



Submit