# running redis with redis user and group rights: redis



## bagas (Sep 22, 2020)

Hello.
Please tell me.
FreeBSD 11.3
redis-5.0.9
Running redis with redis user and group redis:redis ?
Now.
ls -al /tmp/redis.sock
srwxrwxrwx  1 redis  wheel  0 Sep 22 09:46 /tmp/redis.sock


----------



## SKull (Sep 22, 2020)

redis.conf doesn't seem to have a 'group' option.
But it's running by default with 700 anyway, so you don't need to worry about the group I think.

If you want to be super secure just run it in a jail on an IP address instead of a socket.


----------



## T-Daemon (Sep 22, 2020)

There is also a `unixsocketperm` directive for the socket in redis.conf:



			https://raw.githubusercontent.com/redis/redis/5.0/redis.conf


----------



## SKull (Sep 22, 2020)

T-Daemon said:


> There is also a `unixsocketperm` directive for the socket in redis.conf:
> 
> 
> 
> https://raw.githubusercontent.com/redis/redis/5.0/redis.conf


Which is rwx for the user and zero for everybody else by default.
So the group is moot anyway.


----------



## T-Daemon (Sep 22, 2020)

T-Daemon said:


> There is also a `unixsocketperm` directive for the socket in redis.conf:





SKull said:


> Which is *rwx* for the user and zero for everybody else by default.





bagas said:


> *srwxrwxrwx* 1 redis wheel 0 Sep 22 09:46 /tmp/redis.sock


That doesn't look like mode 700.


----------



## bagas (Sep 23, 2020)

777 rights are insecure.
I decided to run redis as a regular user.
Make the socket rights 750.

And why do port 0 in redis.conf when using a socket?


----------



## SKull (Sep 23, 2020)

bagas said:


> Make the socket rights 750.


Why?!
The default is 700 in /usr/local/etc/redis.conf.
Why would you give more permissions than needed?


----------

