Redis - Failed opening .rdb for saving: Permission denied


Валентин Иванов

Dec 11, 2015, 4:32:55 PM
to Redis DB
Hi. Sorry for my English. I have this issue with a FreeBSD server.

When my admins start Redis, it starts OK and I see this in the log every 5-6 minutes:
30965:M 11 Dec 15:05:04.687 # Server started, Redis version 3.0.5
30965:M 11 Dec 15:05:04.907 * DB loaded from disk: 0.220 seconds
30965:M 11 Dec 15:05:04.907 * The server is now ready to accept connections on port 6379
                _._                                                  
           _.-``__ ''-._                                             
      _.-``    `.  `_.  ''-._           Redis 3.0.5 (00000000/0) 64 bit
  .-`` .-```.  ```\/    _.,_ ''-._                                   
 (    '      ,       .-`  | `,    )     Running in standalone mode
 |`-._`-...-` __...-.``-._|'` _.-'|     Port: 6379
 |    `-._   `._    /     _.-'    |     PID: 32201
  `-._    `-._  `-./  _.-'    _.-'                                   
 |`-._`-._    `-.__.-'    _.-'_.-'|                                  
 |    `-._`-._        _.-'_.-'    |           http://redis.io        
  `-._    `-._`-.__.-'_.-'    _.-'                                   
 |`-._`-._    `-.__.-'    _.-'_.-'|                                  
 |    `-._`-._        _.-'_.-'    |                                  
  `-._    `-._`-.__.-'_.-'    _.-'                                   
      `-._    `-.__.-'    _.-'                                       
          `-._        _.-'                                           
              `-.__.-'                                               

32201:M 11 Dec 15:07:13.558 # Server started, Redis version 3.0.5
32201:M 11 Dec 15:07:13.558 * The server is now ready to accept connections on port 6379
32201:M 11 Dec 15:12:14.075 * 1000 changes in 300 seconds. Saving...
32201:M 11 Dec 15:12:14.077 * Background saving started by pid 35032
35032:C 11 Dec 15:12:15.142 * DB saved on disk
32201:M 11 Dec 15:12:15.192 * Background saving terminated with success
32201:M 11 Dec 15:17:16.019 * 1000 changes in 300 seconds. Saving...
32201:M 11 Dec 15:17:16.020 * Background saving started by pid 37936
37936:C 11 Dec 15:17:17.638 * DB saved on disk
32201:M 11 Dec 15:17:17.731 * Background saving terminated with success
32201:M 11 Dec 15:22:18.062 * 1000 changes in 300 seconds. Saving...
32201:M 11 Dec 15:22:18.063 * Background saving started by pid 40828
40828:C 11 Dec 15:22:20.630 * DB saved on disk



My dump.rdb file is growing and everything is OK, but then after 10-12 hours I see this in the log:
94647:C 10 Dec 20:00:01.094 # Failed opening .rdb for saving: Permission denied
61508:M 10 Dec 20:00:01.102 * Background saving started by pid 94647
61508:M 10 Dec 20:00:01.209 # Background saving error
61508:M 10 Dec 20:00:07.077 * 1 changes in 900 seconds. Saving...
61508:M 10 Dec 20:00:07.083 * Background saving started by pid 94696
94696:C 10 Dec 20:00:07.083 # Failed opening .rdb for saving: Permission denied
61508:M 10 Dec 20:00:07.189 # Background saving error


And my dump.rdb file is only 18 bytes and doesn't grow.

Then I ask the admin to restart Redis. It was restarted and again it works fine for 10-12 hours in a row, and then the permission errors again.

My Redis runs with redis permissions. My DB file also has redis permissions, and my database dir (/var/db/redis/) also has redis permissions. So it seems to be fine with permissions, and my admins say that it's OK with permissions. But I don't know why after some hours I get those permission errors.
And why my dump.rdb resets to 18 bytes in size.

So I have restarted my Redis many times already, but I always get those errors after some hours.
My admins checked the filesystem and it's OK.


To me it seems that after some hours something CHANGES the directory of my dump file to somewhere, and that's why Redis can't write anymore, because Redis has no permissions to this directory.

Josiah Carlson

Dec 11, 2015, 4:49:58 PM
to redi...@googlegroups.com
Before you restart your server next time, do a "CONFIG GET dir" against Redis. Find out what path they are setting stuff to. Someone may be trying to exploit you, which would suggest that you should also look into your network security (listening ports, firewalls, etc.) and making sure that no one other than you can directly connect to Redis.

 - Josiah
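
The check suggested above, as an added example that is not part of the original post: it compares the live `CONFIG GET dir` and `CONFIG GET dbfilename` replies with expected values and reads the log to bracket when saves started failing. The expected directory `/var/db/redis` comes from the first post; `dump.rdb` as the expected file name, the function names and the log path are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread). Expected values are assumptions:
# /var/db/redis is the directory the poster names; dump.rdb is the file they mention.
EXPECTED_DIR="${EXPECTED_DIR:-/var/db/redis}"
EXPECTED_FILE="${EXPECTED_FILE:-dump.rdb}"

# Non-interactive redis-cli prints a CONFIG GET reply as two lines:
# the parameter name, then its value. Return the value line.
config_value() {
    printf '%s\n' "$1" | sed -n '2p'
}

# check_persistence DIR_REPLY DBFILENAME_REPLY
# Prints one line per mismatch; returns 1 if the live settings drifted.
check_persistence() {
    drift=0
    live_dir=$(config_value "$1")
    live_file=$(config_value "$2")
    [ "$live_dir" = "$EXPECTED_DIR" ] ||
        { echo "DRIFT dir='$live_dir' expected='$EXPECTED_DIR'"; drift=1; }
    [ "$live_file" = "$EXPECTED_FILE" ] ||
        { echo "DRIFT dbfilename='$live_file' expected='$EXPECTED_FILE'"; drift=1; }
    return "$drift"
}

# save_failure_window < redis.log
# Prints the timestamp of the last successful save before the first
# "Failed opening .rdb" line and of that failure; the settings changed in between.
save_failure_window() {
    awk '
        /DB saved on disk/ { ok = $2 " " $3 " " $4 }
        /Failed opening .rdb for saving/ {
            print "last_ok=" (ok ? ok : "none") " first_fail=" $2 " " $3 " " $4
            found = 1; exit
        }
        END { if (!found) print "no save failures" }
    '
}

# Run against the live server before restarting it:
#   check_persistence "$(redis-cli CONFIG GET dir)" "$(redis-cli CONFIG GET dbfilename)"
#   save_failure_window < /path/to/redis.log
```

A reported drift means the running server no longer uses the directory or file name from its configuration file, so the values should be recorded before the restart resets them.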


Cristobal Castillo

Dec 14, 2015, 8:51:55 AM
to Redis DB
I'm experiencing the exact same issue. When the permission denied error starts to arise, I check my Redis keys and there's only one, named "crackit". But the 6379 port on my server is not open to the internet (only 80 and 22). And I have the same periodicity of the error. Is the server periodically attacked?

Josiah Carlson

Dec 14, 2015, 12:36:38 PM
to redi...@googlegroups.com
Smells like your machine is already compromised, and whoever has compromised your machine is only periodically trying to take over your Redis server. Having an exploited box is far more important than 99.99% of Redis servers out there, which is why you're probably not seeing more Redis-related stuff there.

At this point, you should probably look towards figuring out how they got in and whether they are in any of your other infrastructure (if you have any more).

 - Josiah


