Unable to set configuration parameter "save" through the command line.

[edufelipe]

I've started a Redis instance without a config file, with all parameters passed through command line. One of those parameters was the save parameter. The instance is not reporting the values I've set through the command line. Is this expected?

$ redis-server --pidfile /tmp/.redis.pid --daemonize yes --port 5546 --dir /tmp --save '60 10'
$ redis-cli -p 5546
127.0.0.1:5546> CONFIG GET save
1) "save"
2) ""
127.0.0.1:5546> CONFIG GET pidfile
1) "pidfile"
2) "/tmp/.redis.pid"
127.0.0.1:5546> INFO server
# Server
redis_version:2.8.19
redis_git_sha1:00000000
redis_git_dirty:0
redis_build_id:70633d1af7244f5e
redis_mode:standalone
os:Darwin 14.1.0 x86_64
arch_bits:64
multiplexing_api:kqueue
gcc_version:4.2.1
process_id:37340
run_id:f4e620a1a89d488b52c8b451aeb7fa46a2715af7
tcp_port:5546
uptime_in_seconds:194
uptime_in_days:0
hz:10
lru_clock:13886159
config_file:

[mattsta]

Yeah, it's broken for input arguments.

Redis checks for 2 arguments after save, but on the command line, the arguments are: 1.) save and 2.) 60 10. Then Redis sees "you only have one argument after save!" and doesn't do anything.

The issue is here: https://github.com/antirez/redis/blob/2ac7b5a8b41bb71fce52c86f9ba420769663609e/src/config.c#L154-L164 — argc == 2 from command line args, not 3.

I guess if argc==2, we could try to split the second argument again, but that seems like more of a hack than a fix (is this a problem with any other arguments too?).

[michael-grunder]

Well the simple solution is just to run it like this:

➜  src git:(unstable) ./redis-server --port 9999 --dir /tmp/ --save 60 10

Then it seems to work properly:

127.0.0.1:9999> config get save
1) "save"
2) "60 10"

That being said, it probably should work even if the argument is quoted. Properly supporting it though (in a non hacky way) probably involves a more formalized argv processing mechanism.

[mattsta]

That's a really good point.

I think I was remembering the docs for CONFIG SET where it mentions things should be quoted:

For instance what in redis.conf looks like:

save 900 1
save 300 10

should be set using CONFIG SET as "900 1 300 10".

[edufelipe]

Thanks a lot for all the feedback. I think not quoting is OK, I was just focused on quoting because the documentation said so.

[Sathyanarayanan-Dhanuskodi]

Hi,

I have created a new Redis. I have configured AWS Lambda functions which will update the Redis key every 5 mins. But in this process, Redis is removing all the keys and replacing those keys with named backup1, backup2, backup3 and backup4

Any know the solution for this?

I am trying to resolve this; it has already been half a day spent and no improvement.

[michael-grunder]

There's nothing in Redis that would do that automatically.

Are you sure it isn't another client making the changes? I'd try using the MONITOR in redis-cli to see what is mutating the database.

Is the server open to the world? This looks like a known Redis exploit:
https://www.mageni.net/vulnerability/redis-server-compromised-by-rediswannamine-attack-108444
https://stackoverflow.com/questions/50264694/my-redis-auto-generated-keys

[Sathyanarayanan-Dhanuskodi]

What....

Hacked.

Man. Really thanks for helping out. Yes, Redis is not yet protected it is open. I created it today only.

Let me protect it first and try.

[Sathyanarayanan-Dhanuskodi]

There's nothing in Redis that would do that automatically.

Are you sure it isn't another client making the changes? I'd try using the MONITOR in redis-cli to see what is mutating the database.

Is the server open to the world? This looks like a known Redis exploit: https://www.mageni.net/vulnerability/redis-server-compromised-by-rediswannamine-attack-108444 https://stackoverflow.com/questions/50264694/my-redis-auto-generated-keys

Hi @michael-grunder . It worked. As you said Redis is compromised I assume. After I protected the Redis with a password, the issue was resolved.

Thanks for your help. You saved my day.