I have a multi VM Windows (Server 2019) solution, hosted in a datacentre, with services which require a Redis cache. Due to security concerns, the Windows fork of Redis is not allowable. Therefore, I have a Redis installation on a RHEL 7 server.
We have a network share on one of our Windows machines which contains various configuration files for the solution, as well as backups. It is to this share that I configured Redis to write out its dump.rdb file every 20 minutes (or so many changes), using a CIFS mounted share with service user AD domain credentials (having administrative privileges on the share server).
This set up had been working perfectly for about 2 months. Last night around midnight the Redis backup started failing. Permissions denied on the dump.rdb file. On investigation, it seems the ACL permissions in Windows cannot be viewed (You Must Have Read Permissions to view the Properties of This Object
), and operations (Rename, Copy, Move, Delete etc.) all fail with access denied - even from an elevated command prompt. On Linux, ls -l
shows full rwx permissions for all users, but any attempt to access the file returns an error saying that no such file exists.
So there is nothing we can do with this file. We cannot get rid of it. For the time being, we have told Redis to dump to a different folder, but who knows whether/when that file will get corrupted permissions too.
Attempts to google the issue have come up with nothing which is relevant to our specific issue. Is there anything we can do to remove the dump file? Something to override permissions? Also, is there any known issue with CIFS that can cause this kind of error? Perhaps I have things configured incorrectly. Here is my cifs mount entry in the fstab file:
//<ServerIP>/DataShare /mnt/DataShare cifs _netdev,credentials=/root/.credfile,dir_mode=0777,file_mode=0777 0 0
The .credfile is as follows:
username=svc_user
password=<password>
domain=mydomain
Couple of things I could think of if you want to delete the original file now
Is the read-only flag set on the file?
get-childitem -ReadOnly
Can you use psexec and runas to get yourself a CMD prompt running as the SYSTEM user on your file server, then use that to delete the file?
psexec -s -i cmd.exe