redis snapshot location not as specified in config

Question

After running fine for a while, I am getting write error on my redis instance:

(error) MISCONF Redis is configured to save RDB snapshots, but it is currently not able to persist on disk. Commands that may modify the data set are disabled, because this instance is configured to report errors during writes if RDB snapshotting fails (stop-writes-on-bgsave-error option). Please check the Redis logs for details about the RDB error.

In the log I see:

 9948:C 22 Mar 20:49:32.241 # Failed opening the RDB file root (in server root dir /var/spool/cron) for saving: Read-only file system

However, my redis config file is /etc/redis/redis.conf as confirmed by:

 redis-cli -p 6379 info | grep 'config_file'
 config_file:/etc/redis/redis.conf

And there I have:

 dir /mnt/data/redis

And indeed, there is a snapshot there.

But despite the above, redis now thinks my data directory is

 redis-cli -p 6379 CONFIG GET dir
 1) "dir"
 2) "/var/spool/cron"

Corresponding to the error I was getting as quoted above.

Can anyone tell me why/how my data directory is changing after redis starts, such that it is no longer what is specified in the config file?

Answer 1

So the answer is that the redis server was hacked and the configuration changed, which is very easy to do as it turns out. (I should point out that I had no reason to think it wasn't easy to do. I just assumed security by obscurity was sufficient in this case--wrong. No matter, this was just a playground not any sort of production server).

So don't open your redis port to the world. Use security groups if on AWS to limit access to machines that need it, or use AUTH (which is still not awesome because then all clients need to know the single password which also apparently gets sent in the clear), or have some middleware controlling access.

Hacking redis is easy to do, can compromise your data, and even enable unauthorized SSH access to your server. And that's why you shouldn't highline.