TypechoJoeTheme

Dcr163的博客

统计

网站页面
类目归类
标签搜索
日志

Centos普通用户启动redis服务

2020-12-15
/
0 评论
/
1,458 阅读
/
正在检测是否收录...
12/15

为了保证生产环境服务器的安全,在工作中有一个规范,要求我们运行的服务都要求以非登陆的普通用户运行,从而防止程序本身的漏洞被利用被黑客提权!

首先注明,我的redis目录为,根据自己的redis目录做修改:/usr/local/redis-5.0.2

 

建立用户组:        groupadd redis

建立普通用户:   useradd redis -M -g redis -s /sbin/nologin

拓展useradd知识:

         -d   指定用户家目录(默认是/home目录下)

         -M  禁止创建用户家目录(常配合非登陆用户使用)

         -s   指定shell类型 (默认是/bin/bash /sbin/nologin 为禁止登陆)

 

#创建redis运行时的pid目录(默认是/var/run/但是仅限root用户创建,如果普通用户运行的,必须在其下自创目录,并chown授权)

mkdir -pv /var/run/redis && chown –R redis:redis /var/run/redis

#新建日志文件

mkdir -pv /var/log/redis/ && chown -R redis:redis /var/log/redis/

 

#新建redis数据目录,并且授权给redis用户为所有权

mkdir -pv /usr/local/redis/data/ && chown -R redis:redis /usr/local/redis/data/

 

#拷贝配置文件到redis的目录

cp /usr/local/redis-5.0.2/redis.conf /usr/local/redis/

 

注意:我们的appendonly.aof文件默认是644权限,其他用户只读。所以修改普通用户前,看看该文件在哪个路径下,并且检查是否chown redis了,也可以给他直接加w权限,但是为了安全不推荐。如果该文件没权限,修改后会启动redis失败,报错如下。

所以最好更改下redis所属的用户:chown –R redis:redis “这里是redis的源码目录

 

修改redis.conf 配置文件,登陆密码和端口什么的根据自己的需要配置,这里我配置的是9379端口:

port 9379

pidfile /var/run/redis/redis_9379.pid

logfile "/var/log/redis/redis.log"

dir "/usr/local/redis/data"


 

 

新增redis开机启动文件

vim /usr/lib/systemd/system/redis.service

指定普通用户运行,全靠我们的开启启动文件进行配置 wq保存后。

[Unit]

#redis服务自启动

Description=redis-server

After=network.target

[Service]

User=redis

Group=redis

Type=forking

PIDFile=/var/run/redis/redis_9379.pid

ExecStart=/usr/local/redis-5.0.2/src/redis-server /usr/local/redis/redis9379.conf

PrivateTmp=true

[Install]

WantedBy=multi-user.target

 

 

执行:  

         systemctl darmon-reload

         service redis restart

开机自启动:systemctl enable redis.service

 

正常情况如下图所示:


 

使用:ps aux|grep redis

可以看到已经是用redis用户启动了

Centos普通用户启动redis服务.docx


朗读
赞(0)
版权属于:

Dcr163的博客

本文链接:

https://www.dcr163.cn/261.html(转载时请注明本文出处及文章链接)

评论 (0)
503 文章数
65 评论量

人生倒计时

今日已经过去小时
这周已经过去
本月已经过去
今年已经过去个月

热门文章

最新回复

  1. https://Sites.google.com/view/vavada-online-casino
    2025-04-12

    I comment each time I especially enjoy a article onn a site or if I havbe something too valuable to contribute to the discussion. It iss caused by thhe passion communicated
    in the article I looked at. And after this post rabbitmq-server line 85:
    erl: command not found 报错 - Dcr163的博客.
    I wass actually moved enough to create a comment :-)
    I actually do have a couple of questions for you iff you don't mind.
    Could it bbe simply me or do a few of these remarks appear
    as if thry are left by brain dead people?
    :-P And, if you are wrriting at additional sites, I'd like too keep up with anything new
    you have too post. Would you list every oone of all your
    shared pages like your titter feed, Facebook page or
    linkedin profile?
  2. https://x.com/jeetbuzzcom
    2025-04-07

    Thanks for finally writing about >个人介绍 - Dcr163的博客

  3. prozone.cc alternative
    2025-03-19

    Ꭲhanks for finaⅼly writing abοut >个人介绍 - Dcr163的博客

  4. urgent delivery
    2025-03-16

    [INSERT CITATION NAP HERE] The #1 Adelaide Truck Mistake, Plus
    7 Extra Lessons urgent delivery]
    Thanks for finally talking about >个人介绍 - Dcr163的博客

  5. faster indexing
    2025-03-05

    I believe everything posted made a great deal of sense. However, what about
    this? what if you were to write a killer post title?
    I mean, I don't wish to tell you how to run your website, however suppose you added a post
    title that grabbed people's attention? I mean 个人介绍 - Dcr163的博客 is kinda vanilla.
    You ought to look at Yahoo's home page and note how they create article titles to grab viewers interested.
    You might add a related video or a related pic or two to get people excited
    about everything've written. Just my opinion, it could make your
    blog a little livelier. faster indexing

标签云

CopyRight © Dcr163.cn 粤ICP备15066935号 2016 ~ 2025 46ms
RSS MAP