ããã¯ããªã«ãããããŠæžãããã®ïŒ
Redisã®èªèšŒèšå®ã§ããããã¹ã¯ãŒããèšå®ã§ããããšã¯ç¥ã£ãŠããã®ã§ãããRedis 6.0以éã§ã¯ACLã䜿ããããã«ãªã£ãããšã
ç¥ããªãã£ãã®ã§è©ŠããŠã¿ããããªãšã
Redisã®ã»ãã¥ãªãã£
Redisã®ã»ãã¥ãªãã£ã«é¢ããããŒãžã¯ãã¡ãã
äž»ã«ä»¥äžã®ããšãæžãããŠããŸãã
- ãããã¯ãŒã¯ã»ãã¥ãªãã£
- Redisããã€ã³ããããããã¯ãŒã¯ã€ã³ã¿ãŒãã§ãŒã¹ãå¶éãã
- ãããã¯ã·ã§ã³ã¢ãŒã
- Redis 3.2.0以éããã¹ãŠã®ãããã¯ãŒã¯ã€ã³ã¿ãŒãã§ãŒã¹ã«ãã€ã³ãããããã©ã«ãèšå®ã§Redisãèµ·åãããšãããŒã«ã«ä»¥å€ããã®ã¢ã¯ã»ã¹ã«ã¯ãšã©ãŒå¿çãã
- èªèšŒ
- Redis 6.0以éãACLïŒã¢ã¯ã»ã¹ã³ã³ãããŒã«ãªã¹ãïŒã䜿çšå¯èœã«ãªãã现ããæš©éå¶åŸ¡ãå¯èœã«
- ãã¹ã¯ãŒãã®ã¿ã§èªèšŒãã
requirepass
- TLS
- ç¹å®ã®ã³ãã³ãã®çŠæ¢ãæšæž¬ãã«ããååãžã®ãªããŒã
- æªæã®ããå ¥åã«å¯ŸåŠããããã®ãå®è¡ããšã«ããã·ã¥é¢æ°ã«ç䌌ã©ã³ãã ã·ãŒãã䜿ã
- æååãšã¹ã±ãŒããšNoSQLã€ã³ãžã§ã¯ã·ã§ã³ïŒåºæ¬çã«äžå¯èœïŒ
ä»åã¯ããã®ãã¡èªèšŒããšãããACLã«çŠç¹ãåœãŠãŠãããããšæããŸãã
ACLã®æŠèŠ
Redisã®ACLã«é¢ããããŒãžã¯ãã¡ãã
Redisã®ACLïŒAccess Control ListïŒã¯ãå®è¡ã§ããã³ãã³ããšã¢ã¯ã»ã¹ã§ããããŒã«å¯ŸããŠç¹å®ã®æ¥ç¶ãå¶éã§ããæ©èœã§ãã
The Redis ACL, short for Access Control List, is the feature that allows certain connections to be limited in terms of the commands that can be executed and the keys that can be accessed.
Redisã«æ¥ç¶ããåŸã«ãŠãŒã¶ãŒåãšãã¹ã¯ãŒããæå®ããå¿ èŠãããããã§ãã
The way it works is that, after connecting, a client is required to provide a username and a valid password to authenticate.
èªèšŒãæåãããšããã®æ¥ç¶ã¯ç¹å®ã®ãŠãŒã¶ãŒãšãã®å¶éã«é¢é£ä»ããããŸãã
If authentication succeeded, the connection is associated with a given user and the limits the user has.
Redisã¯æ°ããæ¥ç¶ããããã©ã«ãã®ãŠãŒã¶ãŒããšããŠèªèšŒã§ããããã«èšå®ã§ããããã©ã«ããŠãŒã¶ãŒãèšå®ãããšæ瀺çã«èªèšŒãããŠããªããŠãŒã¶ãŒã«ã¯æ©èœã®ãµãã»ãããæäŸããããšãã§ããŸããããã¯å¯äœçšãšãããŠããããã§ããã
Redis can be configured so that new connections are already authenticated with a "default" user (this is the default configuration). Configuring the default user has, as a side effect, the ability to provide only a specific subset of functionalities to connections that are not explicitly authenticated.
ããã©ã«ãã§ã¯äžäœäºææ§ã®ãããæ°ããæ¥ç¶ã¯ãã¹ãŠã®ã³ãã³ããå®è¡ã§ãããã¹ãŠã®ããŒã«ã¢ã¯ã»ã¹å¯èœã§ãã
In the default configuration, Redis 6 (the first version to have ACLs) works exactly like older versions of Redis. Every new connection is capable of calling every possible command and accessing every key, so the ACL feature is backward compatible with old clients and applications.
requirepassã§ãã¹ã¯ãŒããèšå®ããæ¹æ³ã¯åŸæ¥ã®å€ãæ¹æ³ãšãããããã¯ããã©ã«ããŠãŒã¶ãŒã®ãã¹ã¯ãŒããšããŠæ¯ãèãããã§ãã
Also the old way to configure a password, using the requirepass configuration directive, still works as expected. However, it now sets a password for the default user.
èªèšŒ
Redisnã®èªèšŒã«ã¯AUTHã³ãã³ãã䜿ããŸãã
圢åŒãšããŠã¯ãŠãŒã¶ãŒåãšãã¹ã¯ãŒããæå®ããã®ã§ããã
AUTH <username> <password>
å€ã圢åŒã§ã¯ãã¹ã¯ãŒãã®ã¿ãšãªããŸãã
AUTH <password>
ããã¯ãããã©ã«ããŠãŒã¶ãŒã«å¯ŸããèªèšŒãæå³ããŸãã
ACLã®èšå®æ¹æ³
ACLã®èšå®æ¹æ³ã¯ã以äžã®3ã€ããããŸãã
ACL SETUSERã³ãã³ã- èšå®ãã¡ã€ã«å
ã®
userãã£ã¬ã¯ãã£ãã§æå® - èšå®ãã¡ã€ã«å
ã®
aclfileãã£ã¬ã¯ãã£ãã§ãå€éšãã¡ã€ã«ãæå®
userãã£ã¬ã¯ãã£ãã䜿ãå ŽåãACL SETUSERã³ãã³ãã§æå®ããå
容ãèšè¿°ããããšã«ãªãããã§ãããŸãuserãã£ã¬ã¯ãã£ããš
aclfileãã£ã¬ã¯ãã£ãã¯ã©ã¡ããçæ¹ã®ã¿ã䜿çšå¯èœã®ããã§ãã
ãŠãŒã¶ãŒãå°ãªããªã©åçŽãªå Žåã¯userãã£ã¬ã¯ãã£ãã䜿ããè€æ°ã®ãŠãŒã¶ãŒã䜿ããªã©è€éãªå Žåã¯aclfileãã£ã¬ã¯ãã£ãã䜿ãããšã«
ãªãããã§ãã
ããããã¯ãå®éã®Redisã䜿ãã€ã€èšå®æ¹æ³ãåäœãèŠãŠããããšæããŸãã
ç°å¢
ä»åã®ç°å¢ã¯ããã¡ãã
$ bin/redis-server --version Redis server v=7.2.1 sha=00000000:0 malloc=jemalloc-5.3.0 bits=64 build=81a2b5148e5873e4
Redis 7.2.1ã§ãµãŒããŒãšã¯ã©ã€ã¢ã³ããç°ãªããã¹ãã§çšæããŸãããµãŒããŒåŽã¯172.17.0.2ãšããŸãã
OSã¯Ubuntu Linux 22.04 LTSã§ãã
$ cat /etc/os-release PRETTY_NAME="Ubuntu 22.04.3 LTS" NAME="Ubuntu" VERSION_ID="22.04" VERSION="22.04.3 LTS (Jammy Jellyfish)" VERSION_CODENAME=jammy ID=ubuntu ID_LIKE=debian HOME_URL="https://www.ubuntu.com/" SUPPORT_URL="https://help.ubuntu.com/" BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/" PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy" UBUNTU_CODENAME=jammy $ uname -srvmpio Linux 5.15.0-83-generic #92-Ubuntu SMP Mon Aug 14 09:30:42 UTC 2023 x86_64 x86_64 x86_64 GNU/Linux
ACLã®èšæ³
ACLã®èšæ³ã¯ã以äžã«æžãããŠããŸãã
以äžã®èšè¿°ãã§ããããã§ãã
- ãŠãŒã¶ãŒã®æå¹åïŒç¡å¹å
onãoff
- ã³ãã³ãã®èš±å¯ãŸãã¯çŠæ¢
- ã³ãã³ãåäœã®èš±å¯ïŒ
+<command>ïŒãã³ãã³ãåäœã®çŠæ¢ïŒ-<command>ïŒ - ã«ããŽãªãŒåäœã§ã®ã³ãã³ãã®èš±å¯ïŒ
+@<category>ïŒãã«ããŽãªãŒåäœã§ã®ã³ãã³ãã®çŠæ¢ïŒ-@<category>ïŒ- ã«ããŽãªãŒã¯
@adminã@setã@sortedsetãªã©ããããACL CATã§ç¢ºèªå¯èœ @allã¯ç¹æ®ãªã«ããŽãªãŒã§ãçŸåšããã³ã¢ãžã¥ãŒã«ãéããŠå°æ¥ããŒãããããã¹ãŠã®ã³ãã³ããå«ãŸãã
- ã«ããŽãªãŒã¯
- çŠæ¢ãããŠããã³ãã³ãã®ç¹å®ã®æåã®åŒæ°ã®èš±å¯ïŒ
+<command>|first-argïŒ allcommandsïŒ+@allã®ãšã€ãªã¢ã¹ïŒnocommandsïŒ-@allã®ãšã€ãªã¢ã¹ïŒ
- ã³ãã³ãåäœã®èš±å¯ïŒ
- ããŒã«å¯Ÿããèš±å¯ãŸãã¯çŠæ¢
- ã³ãã³ãã®äžéšãšããŠæå®ã§ããããŒã®ãã¿ãŒã³ïŒ
~<pattern>ïŒ~*ã¯ãã¹ãŠã®ããŒ- ãšã€ãªã¢ã¹ãšããŠ
%RW~<pattern>
- æå®ãããããŒã®ãã¿ãŒã³ã«å¯ŸããŠèªã¿èŸŒã¿ãèš±å¯ããïŒ
%R~<pattern>ïŒ - æå®ãããããŒã®ãã¿ãŒã³ã«å¯ŸããŠæžã蟌ã¿ãèš±å¯ããïŒ
%W~<pattern>ïŒ allkeysïŒ~*ã®ãšã€ãªã¢ã¹ïŒ- èš±å¯ãããããŒãã¿ãŒã³ã®ãªã¹ãããã©ãã·ã¥ããïŒ
resetkeysïŒ
- ã³ãã³ãã®äžéšãšããŠæå®ã§ããããŒã®ãã¿ãŒã³ïŒ
- PubïŒSubãã£ã³ãã«ã«å¯Ÿããèš±å¯ãŸãã¯çŠæ¢
- ãŠãŒã¶ãŒãã¢ã¯ã»ã¹ã§ããPubïŒSubãã£ã³ãã«ãglobã¹ã¿ã€ã«ã®ãã¿ãŒã³ã§è¿œå ïŒ
&<pattern>ïŒ allchannelsïŒãŠãŒã¶ãŒããã¹ãŠã®PubïŒSubãã£ã³ãã«ã«ã¢ã¯ã»ã¹ã§ããããã«ãããšã€ãªã¢ã¹ïŒ- èš±å¯ããããã£ã³ãã«ãã¿ãŒã³ã®ãªã¹ãããã©ãã·ã¥ããïŒ
resetchannelsïŒ
- ãŠãŒã¶ãŒãã¢ã¯ã»ã¹ã§ããPubïŒSubãã£ã³ãã«ãglobã¹ã¿ã€ã«ã®ãã¿ãŒã³ã§è¿œå ïŒ
- ãŠãŒã¶ãŒã®ãã¹ã¯ãŒããæå®
- æå¹ãªãã¹ã¯ãŒããæå®ïŒ
><password>ïŒ - æå¹ãªãã¹ã¯ãŒããã®ãªã¹ãããåé€ããïŒ
<<password>ïŒ - SHA-256ããã·ã¥å€ãæå¹ãªãã¹ã¯ãŒããšããŠæå®ïŒ
#<hash>ïŒ - æå®ãããSHA-256ããã·ã¥å€ãæå¹ãªãã¹ã¯ãŒãã®ãªã¹ãããåé€ããïŒ
!<hash>ïŒ - ãŠãŒã¶ãŒã«èšå®ãããŠãããã¹ãŠã®ãã¹ã¯ãŒããåé€ããã察象ã®ãŠãŒã¶ãŒã¯ãã¹ã¯ãŒãäžèŠãšããŠæ±ãããïŒ
nopassïŒ - èš±å¯ããããã¹ã¯ãŒãã®ãªã¹ãããã©ãã·ã¥ããïŒ
resetpassïŒ
- æå¹ãªãã¹ã¯ãŒããæå®ïŒ
- ãŠãŒã¶ãŒã®ã»ã¬ã¯ã¿ãŒãæ§æ
- ãŠãŒã¶ãŒããªã»ãã
ã¡ãã£ãšæ å ±éãå€ãããŠããããããŸãããâŠãå ·äœçãªäŸãèŠãŠãã£ãæ¹ãè¯ãããã§ãã
äŸãšããŠã¯ãããªæãã¿ããã§ãã
ACL SETUSER antirez on +@all -@dangerous >42a979... ~*
ãŸãã以äžãèŠããš
> ACL LIST 1) "user default on nopass ~* &* +@all"
æåã¯ãŠãŒã¶ãŒåã§ããã®åŸã«ACLïŒã«ãŒã«ïŒãç¶ãããšã«ãªããŸãã
The first two words in each line are "user" followed by the username. The next words are ACL rules that describe different things.
ACL / Configure ACLs with the ACL command
ãŸããACLã¯å·Šããå³ã«åŠçãããããã§ããèšå®ãã¡ã€ã«ã«äŸãæžãããŠããŸãã
# # Basically ACL rules are processed left-to-right. #
https://raw.githubusercontent.com/redis/redis/7.2/redis.conf
ããšãã°ã以äžã®äŸã ãšãŠãŒã¶ãŒaliceã¯ãDEBUGãé€ããã¹ãŠã®ã³ãã³ãã䜿çšã§ããããšã«ãªããŸãã
# user alice on +@all -DEBUG ~* >somepassword # # This will allow "alice" to use all the commands with the exception of the # DEBUG command, since +@all added all the commands to the set of the commands # alice can use, and later DEBUG was removed.
ãã®é çªãå
¥ãæ¿ãããšã-DEBUGããã®åŸã®+@allã«æã¡æ¶ãããã®ã§ãã¹ãŠã®ã³ãã³ãã䜿ããããšã«ãªããŸãã
# However if we invert the order of two ACL rules the result will be different: # # user alice on -DEBUG +@all ~* >somepassword # # Now DEBUG was removed when alice had yet no commands in the set of allowed # commands, later all the commands are added, so the user will be able to # execute everything.
è©ŠããŠã¿ã
ããããã¯ãå®éã«è©ŠããŠã¿ãŸãããã
RedisãµãŒããŒãèµ·åããŸãã
$ bin/redis-server
ä»ã®ãã¹ãããCLIããæ¥ç¶ã
$ bin/redis-cli -h 172.17.0.2 172.17.0.2:6379>
å€éšããæ¥ç¶ããŠããã€èªèšŒããŠããªãã®ã§ãªã«ãã§ããŸããããããã¯ã·ã§ã³ã¢ãŒãã§ããã
172.17.0.2:6379> set key1 value1 (error) DENIED Redis is running in protected mode because protected mode is enabled and no password is set for the default user. In this mode connections are only accepted from the loopback interface. If you want to connect from external computers to Redis you may adopt one of the following solutions: 1) Just disable protected mode sending the command 'CONFIG SET protected-mode no' from the loopback interface by connecting to Redis from the same host the server is running, however MAKE SURE Redis is not publicly accessible from internet if you do so. Use CONFIG REWRITE to make this change permanent. 2) Alternatively you can just disable the protected mode by editing the Redis configuration file, and setting the protected mode option to 'no', and then restarting the server. 3) If you started the server manually just for testing, restart it with the '--protected-mode no' option. 4) Set up an authentication password for the default user. NOTE: You only need to do one of the above things in order for the server to start accepting connections from the outside.
ãã®ãŸãŸã ãšæäœã§ããªãã®ã§ã1床ãµãŒããŒåŽã®ããŒã«ã«ã§æ¥ç¶ã
$ bin/redis-cli 127.0.0.1:6379>
ACL LISTã§çŸåšã®ãŠãŒã¶ãŒã確èªã§ããŸãã
127.0.0.1:6379> acl list 1) "user default on nopass sanitize-payload ~* &* +@all"
ããã©ã«ããŠãŒã¶ãŒã®ã¿ãããŸãããæå¹ãªãŠãŒã¶ãŒã§ãã¹ãŠã®ããŒããã£ã³ãã«ã«ã¢ã¯ã»ã¹ã§ãããã¹ãŠã®ã³ãã³ãã䜿ããŸãã
ãã¹ã¯ãŒããèšå®ãããŠããŸããã
ãŠãŒã¶ãŒãè¿œå ããŠã¿ãŸããããACL SETUSERã§è¿œå ããŸãã
管çãŠãŒã¶ãŒçãªãã®ãè¿œå ã
127.0.0.1:6379> acl setuser redis-admin on >admin-password ~* &* +@all OK
ãŠãŒã¶ãŒåã¯redis-adminããã¹ã¯ãŒãã¯admin-passwordã§ãã
確èªã
127.0.0.1:6379> acl list 1) "user default on nopass sanitize-payload ~* &* +@all" 2) "user redis-admin on sanitize-payload #8e70fdbd0400b7a21539fd15fb4ab86c129f7cbd99261dbb0d95c18df8dec177 ~* &* +@all"
å¥ã®ãµãŒããŒããæ¥ç¶ããŠã¿ãŸãããã
172.17.0.2:6379> auth redis-admin admin-password (error) DENIED Redis is running in protected mode because protected mode is enabled and no password is set for the default user. In this mode connections are only accepted from the loopback interface. If you want to connect from external computers to Redis you may adopt one of the following solutions: 1) Just disable protected mode sending the command 'CONFIG SET protected-mode no' from the loopback interface by connecting to Redis from the same host the server is running, however MAKE SURE Redis is not publicly accessible from internet if you do so. Use CONFIG REWRITE to make this change permanent. 2) Alternatively you can just disable the protected mode by editing the Redis configuration file, and setting the protected mode option to 'no', and then restarting the server. 3) If you started the server manually just for testing, restart it with the '--protected-mode no' option. 4) Set up an authentication password for the default user. NOTE: You only need to do one of the above things in order for the server to start accepting connections from the outside.
ãªããšæãããŠããŸããŸããã
ã¡ãã»ãŒãžãèªããšããããã¯ã·ã§ã³ã¢ãŒããç¡å¹åããããããã©ã«ããŠãŒã¶ãŒã®ãã¹ã¯ãŒããèšå®ããããã«èšãããŠããŸãã
ã§ã¯ãããã©ã«ããŠãŒã¶ãŒã®ãã¹ã¯ãŒããèšå®ããŠã¿ãŸãã
127.0.0.1:6379> acl setuser default >default-password ~* &* +@all OK
ä»åºŠã¯ãå¥ãµãŒããŒãããã°ã€ã³ã§ããããã«ãªããŸããã
172.17.0.2:6379> auth redis-admin admin-password OK
ãã¹ã¯ãŒãã誀ããšããããªããŸããã
172.17.0.2:6379> auth redis-admin wrong (error) WRONGPASS invalid username-password pair or user is disabled.
ããå°ãè©ŠããŠã¿ãŸãããã
èªã¿æžãã§ãããŠãŒã¶ãŒãèªã¿åãå°çšã®ãŠãŒã¶ãŒãè¿œå ã
127.0.0.1:6379> acl setuser read-write-user on >password +@read +@write ~* OK 127.0.0.1:6379> acl setuser read-only-user on >password +@read ~* OK
PubïŒSubãã£ã³ãã«ã¯ä»åã¯å€ããŸããã
確èªã
127.0.0.1:6379> acl list 1) "user default on sanitize-payload #dd9038e72e23e8c6375f050b606ac31ee596443015d385dc8f25f15516464919 ~* &* +@all" 2) "user read-only-user on sanitize-payload #5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8 ~* &* -@all +@read" 3) "user read-write-user on sanitize-payload #5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8 ~* &* -@all +@read +@write" 4) "user redis-admin on sanitize-payload #8e70fdbd0400b7a21539fd15fb4ab86c129f7cbd99261dbb0d95c18df8dec177 ~* &* +@all"
ä»ã®ãµãŒããŒããæ¥ç¶ããŠã確èªããŠã¿ãŸãããã
èªã¿æžãã
172.17.0.2:6379> auth read-write-user password OK 172.17.0.2:6379> set key1 value1 OK 172.17.0.2:6379> get key1 "value1"
èªã¿åãå°çšã
172.17.0.2:6379> auth read-only-user password OK 172.17.0.2:6379> get key1 "value1" 172.17.0.2:6379> set key1 value1 (error) NOPERM User read-only-user has no permissions to run the 'set' command
OKã§ããã
次ã¯ãããŒã«å¯ŸããŠå¶éããããŠã¿ãŸãããã
127.0.0.1:6379> acl setuser a-prefix-user on >password +@read +@write ~a-* OK 127.0.0.1:6379> acl setuser b-prefix-user on >password +@read +@write ~b-* OK
a-ãb-ã§å§ãŸãããŒã®ã¿ã«ã¢ã¯ã»ã¹ã§ãããŠãŒã¶ãŒãããããè¿œå ã
a-ã§å§ãŸãããŒã®ã¿ã«ã¢ã¯ã»ã¹ã§ãããŠãŒã¶ãŒã§ç¢ºèªã
172.17.0.2:6379> auth a-prefix-user password OK 172.17.0.2:6379> set a-key1 value1 OK 172.17.0.2:6379> get a-key1 "value1" 172.17.0.2:6379> set b-key1 value1 (error) NOPERM No permissions to access a key 172.17.0.2:6379> get b-key1 (error) NOPERM No permissions to access a key
b-ã§å§ãŸãããŒã®ã¿ã«ã¢ã¯ã»ã¹ã§ãããŠãŒã¶ãŒã§ç¢ºèªã
172.17.0.2:6379> auth b-prefix-user password OK 172.17.0.2:6379> set b-key1 value1 OK 172.17.0.2:6379> get b-key1 "value1" 172.17.0.2:6379> set a-key1 value1 (error) NOPERM No permissions to access a key 172.17.0.2:6379> get a-key1 (error) NOPERM No permissions to access a key
OKã§ãããé°å²æ°ã¯ã ãããããããŸããã
èšå®ãã¡ã€ã«ã«æžããŠã¿ã
次ã¯ãèšå®ãã¡ã€ã«ã«æžããŠã¿ãŸãããã
ãããªãã¡ã€ã«ãäœæã
conf/redis.conf
user default off user redis-admin on >admin-password ~* &* +@all user read-write-user on >password +@read +@write ~* user read-only-user on >password +@read ~*
defaultãŠãŒã¶ãŒãèšå®ããªããšãä»ã®ãµãŒããŒããæ¥ç¶ã§ããªãïŒãããã¯ã·ã§ã³ã¢ãŒããæå¹ãªã®ã§ïŒã®ã¯å€ãããã§ãã
ç¹ã«äœ¿ããªãã®ãªãããŠãŒã¶ãŒãšããŠç¡å¹ã«ããŠãããŠãããæ°ãããŸãã
ãã®èšå®ãã¡ã€ã«ãæå®ããŠRedisãµãŒããŒãèµ·åã
$ bin/redis-server conf/redis.conf
ä»ã®ãµãŒããŒããã¢ã¯ã»ã¹ã
$ bin/redis-cli -h 172.17.0.2 172.17.0.2:6379> auth redis-admin admin-password OK 172.17.0.2:6379> set key1 value1 OK 172.17.0.2:6379> get key1 "value1"
OKã§ãããããã§ãã ããã䜿ãæ¹ãããã£ãæ°ãããŸãã
ãªããä»åã¯ã»ã¬ã¯ã¿ãŒã¯é€å€ããŠããŸãã
ACLã®ã«ããŽãªãŒ
ä»åã¯ã³ãã³ãåäœã§ã¯ãªããã«ããŽãªãŒãæå®ããŠACLãèšå®ããŸããã
ã«ããŽãªãŒã®äžèŠ§ã¯ãACL CATã³ãã³ãã§ç¢ºèªã§ããŸãã
127.0.0.1:6379> acl cat 1) "keyspace" 2) "read" 3) "write" 4) "set" 5) "sortedset" 6) "list" 7) "hash" 8) "string" 9) "bitmap" 10) "hyperloglog" 11) "geo" 12) "stream" 13) "pubsub" 14) "admin" 15) "fast" 16) "slow" 17) "blocking" 18) "dangerous" 19) "connection" 20) "transaction" 21) "scripting"
ã«ããŽãªãŒã®æå³ãå«ãŸããã³ãã³ãã®ã€ã¡ãŒãžã¯ã以äžã«æžãããŠããŸãã
ãªã®ã§ãããåã³ãã³ãã®ããã¥ã¡ã³ãã«ã©ã®ã«ããŽãªãŒã«å«ãŸããã®ããæžãããŠããã®ã§ããã¡ããèŠãŠãããããã§ããã
ããšãã°ãSETã³ãã³ããªããã®ããã«æžãããŠããŸãã
ãããã«
Redisã®ACLãè©ŠããŠã¿ãŸããã
ä»ãŸã§ããã©ã«ããŠãŒã¶ãŒã«ãã¹ã¯ãŒããèšå®ããããšããç¥ããªãã£ãã®ã§ããã€ã®éã«ãããããé²ãã§ãããã ãªãšããæ°åã«
ãªããŸããã
å®éã«äœ¿ãæã«ã¯ã¡ãããšèšå®ããªããšãããªãå 容ã ãšæãã®ã§ãèŠããŠãããŸãããã
