Currently, permissions for the redis socket are 777; access for everyone. This presents a security vulnerability that allows any user to read cached data. I've modified the permissions to 770. To facilitate this I moved the socket to /var/run/redis, which is a directory with ownership redis:redis. This solves the problem of having it in /tmp, where the ownership of the socket is redis:wheel. The change in directory permissions allows other users to be added to the redis group without unnecessarily providing a user with the permissions of wheel.
Namely, it allows the www user to be added to the redis group, which allows the removal of any permissions to "other" users.
If you have any feedback let me know :)
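One way to check the outcome of a change like this, added here as an example and not part of the pull request: the audit below reports a socket whose mode still grants anything to "other" users or whose group is not the expected one. The function names and the throwaway sockets it creates in a temporary directory are assumptions made for the demonstration.

```python
import os
import socket
import stat
import tempfile


def audit_socket(path, allowed_gid=None):
    """Return findings for the Unix socket at path; an empty list means OK."""
    st = os.stat(path)
    if not stat.S_ISSOCK(st.st_mode):
        return [f"{path}: not a Unix socket"]
    findings = []
    perms = stat.S_IMODE(st.st_mode)
    # Any r/w/x bit for "other" means users outside owner and group get access.
    if perms & stat.S_IRWXO:
        findings.append(f"mode {perms:03o} leaves the socket open to 'other' users")
    # Optional: confirm the socket belongs to the intended group (e.g. redis).
    if allowed_gid is not None and st.st_gid != allowed_gid:
        findings.append(f"group id {st.st_gid} is not the expected {allowed_gid}")
    return findings


def make_socket(directory, mode):
    """Bind a throwaway Unix socket (constructed sample) and set its mode."""
    path = os.path.join(directory, f"demo-{mode:03o}.sock")
    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as s:
        s.bind(path)
    os.chmod(path, mode)
    return path


def run_demo():
    """Audit a 777 socket, a 770 socket, and a 770 socket in the wrong group."""
    with tempfile.TemporaryDirectory() as d:
        open_sock = make_socket(d, 0o777)
        tight_sock = make_socket(d, 0o770)
        other_gid = os.stat(tight_sock).st_gid + 1  # constructed mismatch
        return {
            "777": audit_socket(open_sock),
            "770": audit_socket(tight_sock),
            "770-wrong-group": audit_socket(tight_sock, allowed_gid=other_gid),
        }


if __name__ == "__main__":
    for label, findings in run_demo().items():
        print(label, findings or "OK")
```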