堆栈内存溢出
  繁体   English   中英

Phusion Passenger无法以root用户身份运行-警告:潜在的特权升级漏洞

[英]Phusion Passenger can't run as root - WARNING: potential privilege escalation vulnerability

 原文  2018-02-14 20:29:32       ruby-on-rails/ apache2/ passenger/ vps/ production

问题描述

嗨,我正在尝试通过乘客和apache2将我的rails应用程序部署到VPS,但是我收到错误 

   [ W 2018-02-14 21:02:37.0342 9640/T1 age/Cor/CoreMain.cpp:969 ]: WARNING: potential privilege escalation vulnerability. Phusion Passenger is running as root, and part(s) of the passenger root path (/home/deploy/.rvm/gems/ruby-2.4.1@spelld.it/gems/passenger-5.2.0) can be changed by non-root user(s):
    The path "/home/deploy/.rvm/gems/ruby-2.4.1@spelld.it/gems/passenger-5.2.0" can be modified by user "deploy" (or applications running as that user). Change the owner of the path to root, or avoid running Passenger as root.
    The path "/home/deploy/.rvm/gems/ruby-2.4.1@spelld.it/gems/passenger-5.2.0" is writeable by any user (or application). Limit write access on the path to only the root user/group.
    The path "/home/deploy/.rvm/gems/ruby-2.4.1@spelld.it/gems" can be modified by user "deploy" (or applications running as that user). Change the owner of the path to root, or avoid running Passenger as root.
    The path "/home/deploy/.rvm/gems/ruby-2.4.1@spelld.it" can be modified by user "deploy" (or applications running as that user). Change the owner of the path to root, or avoid running Passenger as root.
    The path "/home/deploy/.rvm/gems" can be modified by user "deploy" (or applications running as that user). Change the owner of the path to root, or avoid running Passenger as root.
    The path "/home/deploy/.rvm" can be modified by user "deploy" (or applications running as that user). Change the owner of the path to root, or avoid running Passenger as root.
    The path "/home/deploy" can be modified by user "deploy" (or applications running as that user). Change the owner of the path to root, or avoid running Passenger as root.

我尝试更改权限,但无法使用 

sudo chmod 700 /home/deploy/.rvm/gems/ruby-2.4.1@spelld.it/gems/passenger-5.2.0


sudo chown root:root /home/deploy/.rvm/gems/ruby-2.4.1@spelld.it/gems/passenger-5.2.0

我什至发现有相同问题的问题,但我不知道如何解决。。。 如何避免Phusion Passenger以root身份运行?

2 个解决方案

解决方案1
 6  2018-03-12 07:45:52

乘客作者在这里。 您可以做的另一件事是使用root用户而不是用户“ deploy”来安装RVM Ruby和Passenger。 这样,您的Ruby安装和Passenger安装由root拥有,并且您不会看到此警告。

甚至更好:使用我们的本地Debian / Ubuntu / CentOS软件包。

解决方案2
 1  2019-01-17 17:26:48

我也想提供一些见解。 @ Hongli的答案还不是全部。 @ Taryn East是正确的。 即使您对每个目录都进行了chown,也需要对每个目录进行chmod才能使Patient正常工作。

在您的示例中,您需要: 

chmod 700 /home/deploy/.rvm
chmod 700 /home/deploy/.rvm/gems/
chmod 700 /home/deploy/.rvm/gems/ruby-2.4.1@spelld.it/
chmod 700 /home/deploy/.rvm/gems/ruby-2.4.1@spelld.it/gems/
chmod 700 /home/deploy/.rvm/gems/ruby-2.4.1@spelld.it/gems/passenger-5.2.0

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 我无法安装Phusion Passenger来运行Rails Phusion 乘客以 root 身份运行,非 root 用户可以更改乘客根路径 () 的一部分 如何避免 Phusion 乘客以 root 身份运行? Phusion Passenger 4 / Apache 2.4找不到rack.rb Phusion Passenger在未使用Phusion Passenger的项目中引发错误 无法启动Phusion Passenger - 错误的根路径 Phusion Passenger希望始终运行捆绑包安装 Phusion Passenger不会在Mountain Lion中编译 ***错误:Phusion Passenger似乎没有运行 Phusion Passenger不写日志文件
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM