[英]Erroneous “Insecure world writable dir foo in PATH” when running ruby script
When I run a ruby script, it gives me this: 当我运行一个ruby脚本时,它给了我这个:
[nathanb@nathanb-box ~] myscript .
/u/nathanb/bin/myscript:173: warning: Insecure world writable dir /usr/software/test/bin in PATH, mode 043777
/u/nathanb/bin/myscript:74: warning: Insecure world writable dir /usr/software/test/bin in PATH, mode 043777
/u/nathanb/bin/myscript:79: warning: Insecure world writable dir /usr/software/test/bin in PATH, mode 043777
This message is erroneous, because /usr/software is mounted read-only: 此消息是错误的,因为/ usr / software是只读安装的:
software:/vol/software/ on /usr/software type nfs (ro,noatime,intr,rsize=32768,wsize=32768,timeo=600,nolock,addr=10.60.132.45,nfsvers=3,proto=tcp,mountproto=udp)
And I can verify this: 我可以验证一下:
nathanb@nathanb-box /usr/software/test/bin] touch foo
touch: cannot touch `foo': Read-only file system
I believe my mount point has the correct permissions: 我相信我的挂载点具有正确的权限:
[nathanb@nathanb-box /usr] ls -ld /usr/software
drwxr-xr-x 27 root root 4096 2010-09-10 17:12 /usr/software
So two questions: 有两个问题:
We had this situation at work, and although it would be nice to just fix the permissions, that wasn't possible in our environment. 我们正在处理这种情况,尽管只修复权限会很好,但是在我们的环境中这是不可能的。 Instead, I created the following wrapper script for ruby that suppresses the error.
相反,我为ruby创建了以下包装脚本,以抑制错误。
#!/bin/bash
(ruby.orig "$@" 3>&1 1>&2 2>&3 | grep -v 'Insecure world writable dir'; exit ${PIPESTATUS[0]}) 3>&1 1>&2 2>&3
Just rename the ruby executable to ruby.orig and drop this script into the ruby bin directory in it's place. 只需将ruby可执行文件重命名为ruby.orig并将此脚本放入其所在的ruby bin目录中即可。
See this excellent explanation for how this works. 有关此工作原理的详细说明 , 请参见 。
Another fix for this issue (which avoids the wrapper script) is to compile Ruby with CPPFLAGS="-D ENABLE_PATH_CHECK=0"
set when you run ./configure
. 解决此问题的另一种方法(避免使用包装器脚本)是在运行
./configure
时使用设置为CPPFLAGS="-D ENABLE_PATH_CHECK=0"
Ruby进行CPPFLAGS="-D ENABLE_PATH_CHECK=0"
。
You could shut off all warnings with 您可以通过关闭所有警告
> ruby -W0 ...
But that may hide other issues. 但这可能隐藏其他问题。 and you did say you want only that specific warning hidden, and I don't think there is a way to do it other than fix the issue, which I think is due to the NFS mount not properly relaying the actual mask.
而且您确实说过只希望隐藏该特定警告,并且我认为除了解决该问题外,没有其他方法可以解决此问题,我认为这是由于NFS安装未正确中继实际掩码而引起的。 I see this when I mount a non-linux server on linux with NFS.
当我使用NFS在Linux上挂载非Linux服务器时,会看到此消息。
Like a snao server or something that does not support unix style attributes. 像snao服务器或不支持unix样式属性的东西。
Also as the error is reporting that it doesn't like the world writable directory in the path, could you remove it from the path, and use a prefix to access anything in that directory? 同样由于错误报告它不喜欢路径中的世界可写目录,您可以将其从路径中删除,并使用前缀访问该目录中的任何内容吗?
EDIT... Another idea is to filter the output of your ruby script with something like... 编辑...另一个想法是用类似...的方法过滤您的ruby脚本的输出。
> ruby ... | egrep -v "warning: Insecure world writable dir"
That would print any output other (the -v) than the specific warning. 那将输出除特定警告以外的任何其他输出(-v)。
However the warning is a security warning, it is a bad idea to have a world writable directory in your path as anyone can put a malicious script or executable in there. 但是,该警告是安全警告,在您的路径中具有可写世界目录是一个坏主意,因为任何人都可以在其中放置恶意脚本或可执行文件。 And it is equally bad to have a mounted bin directory especially one you have no control over in your PATH.
同样,安装一个已挂载的bin目录同样很糟糕,尤其是您无法控制PATH的目录。 In this case the issue has nothing to do with whether the directory is writable or not, it is the fact there is a foreign directory in your PATH.
在这种情况下,问题与目录是否可写无关,这是因为PATH中存在一个外部目录。
Good practices would dictate that you take that mounted directory out of your PATH and the warning will go away. 好的做法将指示您从PATH中删除该挂载目录,并且警告将消失。 If you need to execute something that is in that directory, then explicitly provide the full path to the script or executable.
如果您需要执行该目录中的内容,请显式提供脚本或可执行文件的完整路径。
This is not really a Ruby issue but a security issue. 这实际上不是Ruby问题,而是安全问题。
You can write a method that will suppress the warnings 您可以编写一种方法来消除警告
def suppress_warnings
original_verbosity = $VERBOSE
$VERBOSE = nil
result = yield
$VERBOSE = original_verbosity
return result
end
In irb
在
irb
irb(main):001:0> def suppress_warnings
irb(main):002:1> original_verbosity = $VERBOSE
irb(main):003:1> $VERBOSE = nil
irb(main):004:1> result = yield
irb(main):005:1> $VERBOSE = original_verbosity
irb(main):006:1> return result
irb(main):007:1> end
=> nil
irb(main):008:0> Y = :foo
=> :foo
irb(main):009:0> Y = :bar
(irb):9: warning: already initialized constant Y
=> :bar
irb(main):010:0> suppress_warnings { Y = :foo }
=> :foo
irb(main):011:0>
Of course, you'll have to know where the warnings is coming from and wrap it in a method. 当然,您必须知道警告的来源并将其包装在方法中。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.