When I create a new user in redis using the acl setuser command, like the following:
acl setuser ankit on >generalpassword +#all -#dangerous ~*
Where is this information about the new user stored?
I checked the redis.conf file.
Is it stored in another file? If yes, which file is that?
The ACL database is stored in memory (RAM) and get lost if you restart Redis. To persist it to disk, you need to invoke the ACL SAVE command:
When Redis is configured to use an ACL file (with the aclfile
configuration option), this command will save the currently defined
ACLs from the server memory to the ACL file.
Related
i have deployed a single/standalone redis container using bitnami/redis helm chart.
i created a new user in redis by connecting to redis using redis-cli and running command "ACL SETUSER username on allkeys +#all +SADD >password" and the user created is shown by ACL LIST.
Now if delete the redis pod, new pod will comeup and it doesnot have the user created above by me.
why this is happening ?
how to create permanent users in redis?
Assuming your redis implementation uses the regular redis implementation, then there are two options for ACL persistence:
in the main redis configuration file, or
in an external ACL configuration file
This is determined by whether you have an aclfile configuration option set. If you're using the first version, then CONFIG REWRITE should update the server configuration; if you're using the second version, ACL SAVE is what you need. If you don't issue either of these, your ACLs will be lost when the server next restarts.
The DVC remote configuration allows to define a profile for the AWS CLI to use. However, some developers might have their local AWS cli configuration use different profiles whose name they find helpful.
Is there a way to override the profile used by DVC on a dvc push / dvc pull without modifying the remote configuration of an s3 repo?
There are a few options to achieve this.
Use local remote config option to set remote storage config parameters that are specific to a user:
$ dvc remote modify --local myremote profile myprofile
It will create a file .dvc/config.local that will be Git-ignored, and options from this files will be merged with the main config when users run DVC commands.
Alternatively, users can use the AWS_PROFILE environment variable to specify their local profile name. In this case remember to not include profile name into DVC remote config.
$ export AWS_PROFILE=myprofile
$ dvc push
I'm using Redis 6.2.5, and I'm facing some issues to save users.
It looks like it only works if I put the user in the redis.conf file. If I just create it with acl setuser username command and then restart the service, it loses the user information, even if I run the save or bgsave commands. Does anybody know a way to save the user definitely without editing the redis.conf file, or just add it in the memory but also on the redis.conf file, so, when it's restarted, the user will be there?
You can use CONFIG REWRITE command to rewrite the config file, so that your setting will be saved to config file. The next time, you start Redis with this config file, you'll get those user settings.
Also you can use an external ACL file to set ACL rules. If you want to change the settings, you can manually change the ACL file, and call ACL LOAD to reload the new configuration.
Check the doc for detail.
I create a redis cluster and try to use acl.
I want to make some user can aceess the special prefix.
But when i use acl load or acl save, it just save in the current node.
May I update users in ervery nodes by the redis-cli ?
The Redis cluster does not propagate configuration between its nodes automatically (as you've noted). This applies both to regular (redis.conf) and user (ACL) configuration directives.
You need to copy the ACL files to all nodes, or issue the same ACL SETUSER commands on each node.
I want to add password to Redis.
I interested if there is a way to save encrypted password in redis.conf and not as plain text?
Or a way not to store the password in redis.conf at all?
By default redis.conf atleast until today with its most recent version - 6.0.1 still doesnt support encrypting a password.
While this is a situation is not fully avoidable, at the best, you can automate this by writing a wrapper startup script that would accept password as an argument and bring up the service. And then, once the service is up, ALTHOUGH THIS IS TO BE AVOIDED AND IS NOT RECOMMENDED you can delete the conf file or change the password in that file. and, before the startup of REDIS, you would require to run the startup script again/ re-enter the original password. BUT THIS CAN ADDITIONALY CAUSE PROBLEMS.
Please note -> redis.conf can be secured by linux/OS permissions and thats the best way to do so
No Redis doesn't support encrypted password for auth. You may check the details in official documentation
The password is set by the system administrator in clear text inside the redis.conf file. It should be long enough to prevent brute force attacks.
Additionally;
The AUTH command, like every other Redis command, is sent unencrypted, so it does not protect against an attacker that has enough access to the network to perform eavesdropping.
You may use config set requirepass yourpassword to set password and this will not require a server restart but set it on-fly, but when the server is restarted your previous password(written in conf file)/no password(if it is not set) will be used to authenticate requests.
Well while encryption is till now not an option, Redis 6 introduced ACL (Access Control List) where you can store your SHA256-hashed passwords in the redis.conf file.
Please note that this not an Encryption though!
From redis-cli:
acl setuser yourUser on #951249c8e32817cb0727ba2b1440f008c49c582e5daca4a0bd6d64eed1291a37
From redis.conf
user yourUser on #951249c8e32817cb0727ba2b1440f008c49c582e5daca4a0bd6d64eed1291a37
Additional note:
You may need to disable the default user which does not have a password:
From redis-cli:
acl setuser default off
From redis.conf
user default off