Compare Config Files Side-by-Side Diff

[Unit] Description=Advanced key-value store After=network.target Documentation=http://redis.io/documentation, man:redis-server(1) [Service] Type=notify ExecStart=/usr/bin/redis-server /etc/redis/redis.conf --supervised systemd --daemonize no PIDFile=/run/redis/redis-server.pid TimeoutStopSec=0 Restart=always User=redis Group=redis RuntimeDirectory=redis RuntimeDirectoryMode=2755 UMask=007 PrivateTmp=true LimitNOFILE=65535 PrivateDevices=true ProtectHome=true ProtectSystem=strict ReadWritePaths=-/var/lib/redis ReadWritePaths=-/var/log/redis ReadWritePaths=-/var/run/redis CapabilityBoundingSet= LockPersonality=true MemoryDenyWriteExecute=true NoNewPrivileges=true PrivateUsers=true ProtectClock=true ProtectControlGroups=true ProtectHostname=true ProtectKernelLogs=true ProtectKernelModules=true ProtectKernelTunables=true ProtectProc=invisible RemoveIPC=true RestrictAddressFamilies=AF_INET AF_INET6 AF_UNIX RestrictNamespaces=true RestrictRealtime=true RestrictSUIDSGID=true SystemCallArchitectures=native SystemCallFilter=@system-service SystemCallFilter=~ @privileged @resources # redis-server can write to its own config file when in cluster mode so we # permit writing there by default. If you are not using this feature, it is # recommended that you remove this line. ReadWriteDirectories=-/etc/redis # This restricts this service from executing binaries other than redis-server # itself. This is really effective at e.g. making it impossible to an # attacker to spawn a shell on the system, but might be more restrictive # than desired. If you need to, you can permit the execution of extra # binaries by adding an extra ExecPaths= directive with the command # systemctl edit redis-server.service NoExecPaths=/ ExecPaths=/usr/bin/redis-server /usr/lib /lib [Install] WantedBy=multi-user.target Alias=redis.service