Home / Redis / Redis RDB Snapshot Permission Denied After Backup Directory Change

Redis

Redis RDB Snapshot Permission Denied After Backup Directory Change

Fix Redis RDB snapshot failures caused by file permission issues when changing the backup directory.

Today3 min read

Illustration of Redis cache diagnostics.

Introduction Redis RDB snapshots fail with `Permission denied` when the Redis process cannot write to the configured directory. This commonly occurs after changing the `dir` configuration, moving data directories, or when running Redis under systemd with restricted filesystem access.

Symptoms - `Last save status: Error` in `redis-cli INFO persistence` - Redis logs show `Failed opening the RDB file dump.rdb: Permission denied` - `LASTSAVE` timestamp does not update after BGSAVE commands - `CONFIG GET dir` shows a directory the Redis user cannot write to - Redis continues running but no new snapshots are created

Common Causes - Redis running as `redis` user but directory owned by `root` - SELinux or AppArmor blocking Redis write access to the new directory - systemd `ProtectSystem=strict` directive preventing writes outside the data directory - NFS or bind mount with incorrect ownership or permissions - Parent directory lacking execute permission for the Redis user

Step-by-Step Fix 1. Check current directory configuration and permissions: ```bash redis-cli CONFIG GET dir redis-cli CONFIG GET dbfilename ls -la /var/lib/redis/ id redis ```

1.Fix directory ownership and permissions:
2.```bash
3.# Ensure Redis user owns the directory
4.sudo chown -R redis:redis /var/lib/redis
5.sudo chmod 750 /var/lib/redis

# For a custom backup directory sudo mkdir -p /mnt/backups/redis sudo chown -R redis:redis /mnt/backups/redis sudo chmod 750 /mnt/backups/redis ```

1.Update Redis configuration for the new directory:
2.```bash
3.redis-cli CONFIG SET dir /mnt/backups/redis
4.redis-cli CONFIG SET dbfilename dump.rdb

# Test the save redis-cli BGSAVE redis-cli LASTSAVE ```

1.Check and fix SELinux context if applicable:
2.```bash
3.# Check SELinux status
4.getenforce

# If enforcing, set correct context sudo semanage fcontext -a -t redis_var_lib_t "/mnt/backups/redis(/.*)?" sudo restorecon -Rv /mnt/backups/redis

# Or temporarily set to permissive for testing sudo setenforce 0 ```

1.Fix systemd restrictions:
2.```bash
3.sudo systemctl edit redis-server
4.# Add:
5.# [Service]
6.# ReadWritePaths=/mnt/backups/redis
7.sudo systemctl daemon-reload
8.sudo systemctl restart redis-server
9.`
10.Verify the fix:
11.```bash
12.redis-cli BGSAVE
13.# Wait a few seconds
14.redis-cli LASTSAVE
15.ls -la /mnt/backups/redis/dump.rdb
16.`

Prevention - Document directory changes and update ownership in runbooks - Include permission checks in deployment automation - Use `redis-check-rdb` to validate snapshots after creation - Monitor `rdb_last_bgsave_status` in Redis INFO output - Set up alerting on `rdb_last_bgsave_status` changing from `ok` - Test backup restoration regularly to verify snapshot integrity - Use a dedicated backup user with specific directory access rather than running Redis as root