# Templated service file for redis-server(1)
#
# Each instance of redis-server requires its own configuration file:
#
#   $ cp /etc/redis/redis.conf /etc/redis/redis-myname.conf
#   $ chown redis:redis /etc/redis/redis-myname.conf
#
# Ensure each instance is using their own database:
#
#   $ sed -i -e 's@^dbfilename .*@dbfilename dump-myname.rdb@' /etc/redis/redis-myname.conf
#
# We then listen exclusively on UNIX sockets to avoid TCP port collisions:
#
#   $ sed -i -e 's@^port .*@port 0@' /etc/redis/redis-myname.conf
#   $ sed -i -e 's@^\(# \)\{0,1\}unixsocket .*@unixsocket /run/redis-myname/redis-server.sock@' /etc/redis/redis-myname.conf
#
# ... and ensure we are logging, etc. in a unique location:
#
#   $ sed -i -e 's@^logfile .*@logfile /var/log/redis/redis-server-myname.log@' /etc/redis/redis-myname.conf
#   $ sed -i -e 's@^pidfile .*@pidfile /run/redis-myname/redis-server.pid@' /etc/redis/redis-myname.conf
#
# We can then start the service as follows, validating we are using our own
# configuration:
#
#   $ systemctl start redis-server@myname.service
#   $ redis-cli -s /run/redis-myname/redis-server.sock info | grep config_file
#
#  -- Chris Lamb <lamby@debian.org>  Mon, 09 Oct 2017 22:17:24 +0100

[Unit]
# %I / %i expand to the instance name given after the "@" (e.g. "myname").
Description=Advanced key-value store (%I)
After=network.target
# NOTE(review): Documentation= is a space-separated URI list, so the trailing
# comma presumably ends up as part of the first URI -- confirm and drop it.
Documentation=http://redis.io/documentation, man:redis-server(1)

[Service]
# Type=notify pairs with "--supervised systemd": the server signals readiness
# itself and stays in the foreground (--daemonize no).
Type=notify
ExecStart=/usr/bin/redis-server /etc/redis/redis-%i.conf --supervised systemd --daemonize no
PIDFile=/run/redis-%i/redis-server.pid
# 0 disables the stop timeout, so systemd waits for the server to exit rather
# than killing it after a deadline.
TimeoutStopSec=0
Restart=always
# Runs unprivileged from the start; nothing below relies on root.
User=redis
Group=redis
# Creates /run/redis-%i for the socket and pid file and removes it on stop.
# Mode 2755 is setgid and traversable by every local user, so who may connect
# is decided by the socket file's own mode.
# NOTE(review): verify unixsocketperm in each instance config is set as intended.
RuntimeDirectory=redis-%i
RuntimeDirectoryMode=2755

# Files the server creates (dumps, logs) get no permissions for "other".
UMask=007
PrivateTmp=true
LimitNOFILE=65535
PrivateDevices=true
ProtectHome=true
# strict mounts the whole file system hierarchy read-only for this service;
# the ReadWritePaths= lines below are the only writable exceptions. The "-"
# prefix makes a missing path non-fatal.
ProtectSystem=strict
ReadWritePaths=-/var/lib/redis
ReadWritePaths=-/var/log/redis
ReadWritePaths=-/var/run/redis-%i

# Empty assignment: the service keeps no capabilities at all.
CapabilityBoundingSet=
LockPersonality=true
# Refuses memory mappings that are writable and executable at the same time.
MemoryDenyWriteExecute=true
# The server and its children cannot gain privileges through execve()
# (setuid/setgid binaries, file capabilities).
NoNewPrivileges=true
PrivateUsers=true
ProtectClock=true
ProtectControlGroups=true
ProtectHostname=true
ProtectKernelLogs=true
ProtectKernelModules=true
ProtectKernelTunables=true
# Processes of other users are hidden in this service's view of /proc.
ProtectProc=invisible
RemoveIPC=true
# Allowlist of socket families the service may create.
# NOTE(review): the header above sets "port 0" so instances listen only on a
# UNIX socket; if an instance also needs no TCP at all (no replication or
# cluster peers -- confirm), this list can be narrowed to AF_UNIX.
RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX
RestrictNamespaces=true
RestrictRealtime=true
RestrictSUIDSGID=true
SystemCallArchitectures=native
# First line is an allowlist (the @system-service group); the "~" line then
# removes the @privileged and @resources groups from it. Order matters.
SystemCallFilter=@system-service
SystemCallFilter=~ @privileged @resources

# redis-server can write to its own config file when in cluster mode so we
# permit writing there by default. If you are not using this feature, it is
# recommended that you remove this line.
# ReadWriteDirectories= is the older name of ReadWritePaths=. While this line
# is present, /etc/redis is the one configuration directory the service can
# modify despite ProtectSystem=strict.
ReadWriteDirectories=-/etc/redis

# This restricts this service from executing binaries other than redis-server
# itself. This is really effective at e.g. making it impossible to an
# attacker to spawn a shell on the system, but might be more restrictive
# than desired. If you need to, you can permit the execution of extra
# binaries by adding an extra ExecPaths= directive with the command
# systemctl edit redis-server.service
# NOTE(review): for this templated unit the override presumably has to target
# the instance or the template (redis-server@myname.service or
# redis-server@.service) -- confirm.
# /usr/lib and /lib presumably stay executable so shared libraries can still
# be loaded.
NoExecPaths=/
ExecPaths=/usr/bin/redis-server /usr/lib /lib

[Install]
WantedBy=multi-user.target