I have been running redis which I built from source for several months, but I switched to using a package manager for it today (running on Debian). It ran fine until I changed the working directory to `/home/redis/server`. Now when starting it as a service using `sudo service redis-server start`, I get an error, and the following is added to the redis log:

```
Can't chdir to '/home/redis/server': Permission denied
```

Running `getfacl` recursively on the redis directory returns

```
# file: .
# owner: redis
# group: redis
user::rwx
group::rwx
other::rwx

# file: server
# owner: redis
# group: redis
user::rwx
group::rwx
other::rwx

# file: server/dump.rdb
# owner: redis
# group: redis
user::rwx
group::rwx
other::rwx
```

If I su to redis and run it manually, using /usr/bin/redis-server /etc/redis/redis.conf, it works correctly, so it only happens when trying to use the included init.d script.

JackW

2 Answers

It turns out that the init script included with Redis isn't actually used, and instead it uses /etc/systemd/system/redis.service. There are a number of security restrictions in this file, including ProtectHome=yes and limiting the directories that can be written to. I have modified this file to comment out ProtectHome=yes and to add a line ReadWriteDirectories=-/home/redis/server, and it now works correctly.

After this, run systemctl daemon-reload to reload changes before running service start redis-server.

JackW
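
An added example, not part of the original answer or of the Debian package: a small Python checker that reads a unit's `[Service]` text and reports which sandboxing directives restrict a given working directory, the kind of restriction that `getfacl` output does not show. The sample unit text is constructed, the function names are hypothetical, and treating the most specific listed path as decisive is a simplifying assumption.

```python
from pathlib import PurePosixPath

# Constructed sample [Service] section; not the Debian package's actual file.
SAMPLE_UNIT = """\
[Service]
User=redis
ProtectHome=yes
ReadOnlyDirectories=/
ReadWriteDirectories=-/var/lib/redis
"""

HOME_TREES = ("/home", "/root", "/run/user")  # trees covered by ProtectHome=
LIST_KEYS = {  # legacy *Directories= names and their current *Paths= names
    "ReadWritePaths": "rw", "ReadWriteDirectories": "rw",
    "ReadOnlyPaths": "ro", "ReadOnlyDirectories": "ro",
    "InaccessiblePaths": "hidden", "InaccessibleDirectories": "hidden",
}

def parse_service(unit_text):
    """Return (ProtectHome value, {"rw": [...], "ro": [...], "hidden": [...]})."""
    protect_home, paths = "no", {"rw": [], "ro": [], "hidden": []}
    for line in map(str.strip, unit_text.splitlines()):
        if not line or line[0] in "#;[" or "=" not in line:
            continue  # blank line, comment, or section header
        key, value = (part.strip() for part in line.split("=", 1))
        if key == "ProtectHome":
            protect_home = value.lower()  # last assignment wins
        elif key in LIST_KEYS:
            kind = LIST_KEYS[key]
            if not value:
                paths[kind] = []  # an empty assignment resets the list
            # A leading "-" or "+" is a prefix, not part of the path.
            paths[kind] += [p.lstrip("-+") for p in value.split()]
    return protect_home, paths

def under(path, root):
    path, root = PurePosixPath(path), PurePosixPath(root)
    return path == root or root in path.parents

def explain(unit_text, workdir):
    """Return the sandbox settings in unit_text that restrict workdir."""
    protect_home, paths = parse_service(unit_text)
    findings = []
    if protect_home in ("yes", "true", "1", "on", "read-only", "tmpfs") and any(
            under(workdir, tree) for tree in HOME_TREES):
        findings.append("ProtectHome=" + protect_home)
    # Assumption: the most specific listed path decides (nesting model).
    hits = [(len(PurePosixPath(r).parts), kind, r)
            for kind, roots in paths.items() for r in roots if under(workdir, r)]
    if hits and max(hits)[1] != "rw":
        findings.append("%s path: %s" % max(hits)[1:])
    return findings
```

On a real host, the text to feed it comes from `systemctl cat` for the unit, which also includes any drop-in overrides.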

You should make sure that the redis service is started by init.d with the redis user context.

Edit /etc/init.d/redis-server and add

--chuid redis:redis

where start-stop-daemon is called. Since su to redis is working, this should fix the error.

  • `--chuid` is already in there, by default, though I did try `chmod`ing the directory to 777 and that still didn't resolve it. – JackW Sep 07 '16 at 17:10
  • Since you don't get the error if you start `redis-server` as `redis (user)`, I would try to start the server with: `su redis -c 'redis-start-command'` in the `init.d` file. This is not the best solution, but might work. – pskiebe Sep 08 '16 at 08:56
  • Also check if `redis-server` is really running as `redis (user)`: `ps u pid-of-redis-server` or `ps aux | grep redis-server` – pskiebe Sep 08 '16 at 09:05
  • For some reason, running `sudo su redis -c "/usr/bin/redis-server /etc/redis/redis.conf"` in the terminal fails silently (nothing logged), and only seems to work if I actually su to redis, then run it manually. Redis is definitely running as user redis. – JackW Sep 08 '16 at 15:52
  • Actually, adding `-s /bin/bash` to the end of the command works, but I'd still like to be able to stop redis if possible, which manually running it wouldn't allow I think. – JackW Sep 08 '16 at 15:59