I have been running redis which I built from source for several months, but I switched to using a package manger for it today (running on Debian). It ran fine until I changed the working directory to /home/redis/server. Now when starting it as a service using sudo service redis-server start, I get an error, and the following is added to the redis log:
Can't chdir to '/home/redis/server': Permission denied
Running getfacl recursively on the redis directory returns
# file: .
# owner: redis
# group: redis
user::rwx
group::rwx
other::rwx
# file: server
# owner: redis
# group: redis
user::rwx
group::rwx
other::rwx
# file: server/dump.rdb
# owner: redis
# group: redis
user::rwx
group::rwx
other::rwx
If I su to redis and run it manually, using /usr/bin/redis-server /etc/redis/redis.conf, it works correctly, so it only happens when trying to use the included init.d script.
Best Answer
It turns out that the init script included with Redis isn't actually used, and instead it uses
/etc/systemd/system/redis.service. There are a number of security restrictions in this file, includingProtectHome=yesand limiting the directories that can be written to. I have modified this file to comment outProtectHome=yesand to add a lineReadWriteDirectories=-/home/redis/server, and it now works correctly.After this, run
systemctl daemon-reloadto reload changes before runningservice start redis-server.