Phusion Passenger can't run as root user - WARNING: potential privilege escalation vulnerability

Sza*_*bik 1 production ruby-on-rails apache2 vps passenger

Hi, I'm trying to deploy my Rails application to a VPS with Passenger and apache2, but I'm getting this error message:

   [ W 2018-02-14 21:02:37.0342 9640/T1 age/Cor/CoreMain.cpp:969 ]: WARNING: potential privilege escalation vulnerability. Phusion Passenger is running as root, and part(s) of the passenger root path (/home/deploy/.rvm/gems/ruby-2.4.1@spelld.it/gems/passenger-5.2.0) can be changed by non-root user(s):
    The path "/home/deploy/.rvm/gems/ruby-2.4.1@spelld.it/gems/passenger-5.2.0" can be modified by user "deploy" (or applications running as that user). Change the owner of the path to root, or avoid running Passenger as root.
    The path "/home/deploy/.rvm/gems/ruby-2.4.1@spelld.it/gems/passenger-5.2.0" is writeable by any user (or application). Limit write access on the path to only the root user/group.
    The path "/home/deploy/.rvm/gems/ruby-2.4.1@spelld.it/gems" can be modified by user "deploy" (or applications running as that user). Change the owner of the path to root, or avoid running Passenger as root.
    The path "/home/deploy/.rvm/gems/ruby-2.4.1@spelld.it" can be modified by user "deploy" (or applications running as that user). Change the owner of the path to root, or avoid running Passenger as root.
    The path "/home/deploy/.rvm/gems" can be modified by user "deploy" (or applications running as that user). Change the owner of the path to root, or avoid running Passenger as root.
    The path "/home/deploy/.rvm" can be modified by user "deploy" (or applications running as that user). Change the owner of the path to root, or avoid running Passenger as root.
    The path "/home/deploy" can be modified by user "deploy" (or applications running as that user). Change the owner of the path to root, or avoid running Passenger as root.

I tried changing the permissions, but it doesn't work:

    sudo chmod 700 /home/deploy/.rvm/gems/ruby-2.4.1@spelld.it/gems/passenger-5.2.0
    sudo chown root:root /home/deploy/.rvm/gems/ruby-2.4.1@spelld.it/gems/passenger-5.2.0

I even found questions with the same problem, but I don't know how to fix it... How can I avoid running Phusion Passenger as root?

Hon*_*gli 6

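Passenger author here. Another thing you can do is install RVM Ruby and Passenger as the root user instead of the user "deploy". That way, your Ruby installation and your Passenger installation are owned by root, and you won't see this warning.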

Even better: use our native Debian / Ubuntu / CentOS packages.
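
The warning in the question names not only the Passenger directory but every parent up to `/home/deploy`, so ownership and write access have to be checked along the whole chain. The following shell script is an added example, not part of the original posts and not Passenger's own check: it approximates the two conditions the warning names (owner is not root, path writable by any user) for a path and each of its parents. The function names `check_component` and `audit_path` are hypothetical, and GNU coreutils `stat` and `realpath` are assumed.

```sh
#!/bin/sh
# Added example (not Passenger's own check). Assumes GNU coreutils stat/realpath.
# check_component and audit_path are hypothetical helper names.

# check_component PATH [TRUSTED_UID]
# Prints one line per problem; returns 0 if clean, 1 if not, 2 if stat fails.
check_component() {
    local path trusted_uid owner mode bad
    path=$1
    trusted_uid=${2:-0}          # default: root
    bad=0
    owner=$(stat -c '%u' -- "$path") || return 2
    mode=$(stat -c '%a' -- "$path") || return 2
    if [ "$owner" != "$trusted_uid" ]; then
        echo "$path: owned by uid $owner, expected uid $trusted_uid"
        bad=1
    fi
    # The last octal digit holds the "other" bits; 2, 3, 6 and 7 include write.
    case $mode in
        *[2367]) echo "$path: mode $mode is writable by any user"; bad=1 ;;
    esac
    return "$bad"
}

# audit_path PATH [TRUSTED_UID]
# Checks PATH and every parent up to /; returns 0 only if all are clean.
audit_path() {
    local path trusted_uid findings
    path=$(realpath -- "$1") || return 2
    trusted_uid=${2:-0}
    findings=0
    while :; do
        check_component "$path" "$trusted_uid" || findings=$((findings + 1))
        [ "$path" = "/" ] && break
        path=$(dirname -- "$path")
    done
    echo "$findings path component(s) need attention"
    [ "$findings" -eq 0 ]
}

# Run as a script: audit the directory given as the first argument.
if [ "$#" -gt 0 ]; then
    audit_path "$1"
fi
```

Pass the passenger root path printed in the warning as the first argument; a zero exit status means every component is root-owned and not world-writable.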