redis多用户管理

最近在学redis，由于笔者是学运维的，所以推荐学习运维的小伙伴参考，希望对大家有帮助！

redis运维上篇:http://t.csdnimg.cn/MfPud

redis运维下篇:http://t.csdnimg.cn/83sQ1

从redis6开始，默认用户名为default，之前的版本不存在用户名

列出所有用户，默认只有default为超级用户，拥有所有的权限
>acl list
"user default on #9cd9ab402f4115ed9921a7e4f7fc89330c8fe9283a8b1cdef203f7a7e622c68f ~* &* +@all"

>acl getuser default  #查看default用户的相关信息
1) "flags"
 1) "on"
    2) "allkeys"
    3) "allchannels"
    4) "allcommands"
 3) "passwords"


>acl cat  #查看权限
1) "keyspace"
 2) "read"
 3) "write"
 4) "set"
 5) "sortedset"
 6) "list"
 7) "hash"

实例1:创建test用户只给一个get命令权限、读权限、并且只能get是name开头的key:name*

127.0.0.1:6379> set name1 n1
OK
127.0.0.1:6379> set name2 n2
OK
127.0.0.1:6379> set name3 n3
OK
127.0.0.1:6379> set k1 v1
OK
127.0.0.1:6379> set k2 v2
OK
127.0.0.1:6379> acl setuser test on >testpwd ~name* +get		#创建test用户，密码:testpwd 只对name开头的有get权限
OK
127.0.0.1:6379> acl setuser test on >testpwd ~name* +@read	#增加read权限
OK

登录验证:
[root@bogon ~]# redis-cli --user test --pass testpwd    #test用户登录
127.0.0.1:6379> get name1
"n1"
127.0.0.1:6379> get name2
"n2"
127.0.0.1:6379> get name3
"n3"
127.0.0.1:6379> get k1
(error) NOPERM this user has no permissions to access one of the keys used as arguments
127.0.0.1:6379> get k2
(error) NOPERM this user has no permissions to access one of the keys used as arguments

实例2:创建用户赋值给所有权限

127.0.0.1:6379> acl setuser test1 on >test1pwd ~* +@all	#给用户test1添加所有权限
OK
127.0.0.1:6379> acl getuser test1	#查看test1的权限
[root@bogon ~]# redis-cli
验证权限
127.0.0.1:6379> auth test1 test1pwd
OK
127.0.0.1:6379> get k1
"v1"

实例3:去除config命令后的权限

127.0.0.1:6379> acl setuser test2 on >test2pwd ~* +@all -config		#去除test2的config权限
OK
验证权限
127.0.0.1:6379> auth test2 test2pwd
OK
127.0.0.1:6379> config get requirepass	#获取不到config权限
(error) NOPERM this user has no permissions to run the 'config' command or its subcommand
127.0.0.1:6379> keys *
1) "name3"
2) "name2"
3) "name1"
4) "k2"
5) "k1"

实例4:创建一个用户，只给info和monitor权限

127.0.0.1:6379> acl setuser monitor on >monitorpwd ~* +info +monitor
OK
权限验证
127.0.0.1:6379> auth monitor monitorpwd
OK
127.0.0.1:6379> keys *
(error) NOPERM this user has no permissions to run the 'keys' command or its subcommand
127.0.0.1:6379> get k1
(error) NOPERM this user has no permissions to run the 'get' command or its subcommand
127.0.0.1:6379> info
# Server
redis_version:6.2.1
redis_git_sha1:00000000
redis_git_dirty:0
redis_build_id:c9de016bf71cd57f
redis_mode:standalone

命令小结:
列出所有用户:
>acl list

删除用户:
>acl deluser test1

让命令永久生效
>config rewrite