diff --git a/redis/content.md b/redis/content.md index f5dfd0144b0a..ccd86f1b87a6 100644 --- a/redis/content.md +++ b/redis/content.md @@ -14,6 +14,12 @@ For the ease of accessing Redis from other containers via Docker networking, the - [Protected mode](https://redis.io/docs/latest/operate/oss_and_stack/management/security/#protected-mode) - [A few things about Redis security by antirez](http://antirez.com/news/96) +## Process User and Privileges + +By default, the Redis Docker image drops privileges by switching to the redis user and removing unnecessary capabilities. This step is skipped if Docker is run with the `--user` option or if you set the `SKIP_DROP_PRIVS=1` (since 8.0.2) environment variable. + +Note: Using `SKIP_DROP_PRIVS` is not recommended, as it reduces the container's security. + # How to use this image ## Start a redis instance @@ -32,6 +38,20 @@ There are several different persistence strategies to choose from. This one will For more about Redis persistence, see [the official Redis documentation](https://redis.io/docs/latest/operate/oss_and_stack/management/persistence/). +### File and Directory Permissions + +Redis will attempt to correct the ownership and permissions of the data and configuration (since 8.0.2) directories and files if they are not set correctly. This adjustment is only performed in basic, default scenarios to avoid interfering with custom or user-specific configurations. + +You can skip this step by setting the `SKIP_FIX_PERMS=1`(since 8.0.2) environment variable. + +### Manually Setting File and Directory Permissions + +If you prefer to handle file permissions yourself, you can use a `docker run` command to set the correct ownership on mounted volumes. For example: + +```console +$ docker run --rm -v /your/host/path:/data %%IMAGE%% chown -R redis:redis /data +``` + ## Connecting via `redis-cli` ```console