
Phusion Passenger can't run as root - WARNING: potential privilege escalation vulnerability

Hi, I'm trying to deploy my Rails app to a VPS via Passenger and apache2, but I'm getting an error:

   [ W 2018-02-14 21:02:37.0342 9640/T1 age/Cor/CoreMain.cpp:969 ]: WARNING: potential privilege escalation vulnerability. Phusion Passenger is running as root, and part(s) of the passenger root path (/home/deploy/.rvm/gems/ruby-2.4.1@spelld.it/gems/passenger-5.2.0) can be changed by non-root user(s):
    The path "/home/deploy/.rvm/gems/ruby-2.4.1@spelld.it/gems/passenger-5.2.0" can be modified by user "deploy" (or applications running as that user). Change the owner of the path to root, or avoid running Passenger as root.
    The path "/home/deploy/.rvm/gems/ruby-2.4.1@spelld.it/gems/passenger-5.2.0" is writeable by any user (or application). Limit write access on the path to only the root user/group.
    The path "/home/deploy/.rvm/gems/ruby-2.4.1@spelld.it/gems" can be modified by user "deploy" (or applications running as that user). Change the owner of the path to root, or avoid running Passenger as root.
    The path "/home/deploy/.rvm/gems/ruby-2.4.1@spelld.it" can be modified by user "deploy" (or applications running as that user). Change the owner of the path to root, or avoid running Passenger as root.
    The path "/home/deploy/.rvm/gems" can be modified by user "deploy" (or applications running as that user). Change the owner of the path to root, or avoid running Passenger as root.
    The path "/home/deploy/.rvm" can be modified by user "deploy" (or applications running as that user). Change the owner of the path to root, or avoid running Passenger as root.
    The path "/home/deploy" can be modified by user "deploy" (or applications running as that user). Change the owner of the path to root, or avoid running Passenger as root.

I tried to change privileges, but it didn't work with

sudo chmod 700 /home/deploy/.rvm/gems/ruby-2.4.1@spelld.it/gems/passenger-5.2.0

and

sudo chown root:root /home/deploy/.rvm/gems/ruby-2.4.1@spelld.it/gems/passenger-5.2.0

I even found an issue with the same problem, but I don't know how to fix it... How can I avoid Phusion Passenger running as root?

Passenger author here. Another thing you can do is to install your RVM Ruby as well as Passenger with root, instead of as user "deploy". That way your Ruby installation and Passenger installation are owned by root and you won't see this warning.

Or even better: use our native Debian/Ubuntu/CentOS packages.

I also wanted to offer some insight. @Hongli's answer isn't all of it. @Taryn East is correct. Even if you chown every dir, you also need to chmod every dir in order for Passenger to work correctly.

In your example you need to:

chmod 700 /home/deploy/.rvm
chmod 700 /home/deploy/.rvm/gems/
chmod 700 /home/deploy/.rvm/gems/ruby-2.4.1@spelld.it/
chmod 700 /home/deploy/.rvm/gems/ruby-2.4.1@spelld.it/gems/
chmod 700 /home/deploy/.rvm/gems/ruby-2.4.1@spelld.it/gems/passenger-5.2.0
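
The warning lists every parent directory of the Passenger root, so a fix applied only to the leaf directory leaves the rest flagged. The script below is an added example, not code from the posts above or from Passenger: it walks from a path up to `/` and reports each directory that is not owned by root or is writable by group or others. `check_dir` and `audit_path` are hypothetical helper names, and the owner/write-bit test only approximates the conditions named in the warning text.

```shell
#!/bin/sh
# Added example (not Passenger's code): approximate the conditions named in the
# warning by checking owner and write bits on every directory up to /.

# check_dir DIR: print one line per finding; return 1 if any, 2 on error.
check_dir() {
    dir=$1
    found=0
    info=$(ls -ld -- "$dir") || return 2
    mode=${info%% *}                                   # e.g. drwxr-xr-x
    owner=$(printf '%s\n' "$info" | awk '{print $3}')
    gw=$(printf '%s\n' "$mode" | cut -c6)              # group write bit
    ow=$(printf '%s\n' "$mode" | cut -c9)              # others write bit
    if [ "$owner" != "root" ]; then
        echo "$dir: owned by $owner, not root"
        found=1
    fi
    if [ "$gw" = "w" ] || [ "$ow" = "w" ]; then
        echo "$dir: writable by group or others ($mode)"
        found=1
    fi
    return "$found"
}

# audit_path ABS_PATH: run check_dir on ABS_PATH and each parent up to /.
# Symlinks are not resolved; pass the real path.
audit_path() {
    p=$1
    rc=0
    case $p in
        /*) ;;
        *) echo "audit_path: need an absolute path" >&2; return 2 ;;
    esac
    while :; do
        check_dir "$p" || rc=1
        if [ "$p" = "/" ]; then break; fi
        p=$(dirname "$p")
    done
    return "$rc"
}

# Usage: sh audit.sh /path/to/passenger/root
if [ "$#" -gt 0 ]; then
    audit_path "$1"
fi
```

An exit status of 0 means no directory on the path was flagged; any printed line names a directory that still needs its owner or mode changed.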
