Phusion Passenger無法以root用戶身份運行-警告:潛在的特權升級漏洞
[英]Phusion Passenger can't run as root - WARNING: potential privilege escalation vulnerability
問題描述
嗨,我正在嘗試通過乘客和apache2將我的rails應用程序部署到VPS,但是我收到錯誤
[ W 2018-02-14 21:02:37.0342 9640/T1 age/Cor/CoreMain.cpp:969 ]: WARNING: potential privilege escalation vulnerability. Phusion Passenger is running as root, and part(s) of the passenger root path (/home/deploy/.rvm/gems/ruby-2.4.1@spelld.it/gems/passenger-5.2.0) can be changed by non-root user(s):
The path "/home/deploy/.rvm/gems/ruby-2.4.1@spelld.it/gems/passenger-5.2.0" can be modified by user "deploy" (or applications running as that user). Change the owner of the path to root, or avoid running Passenger as root.
The path "/home/deploy/.rvm/gems/ruby-2.4.1@spelld.it/gems/passenger-5.2.0" is writeable by any user (or application). Limit write access on the path to only the root user/group.
The path "/home/deploy/.rvm/gems/ruby-2.4.1@spelld.it/gems" can be modified by user "deploy" (or applications running as that user). Change the owner of the path to root, or avoid running Passenger as root.
The path "/home/deploy/.rvm/gems/ruby-2.4.1@spelld.it" can be modified by user "deploy" (or applications running as that user). Change the owner of the path to root, or avoid running Passenger as root.
The path "/home/deploy/.rvm/gems" can be modified by user "deploy" (or applications running as that user). Change the owner of the path to root, or avoid running Passenger as root.
The path "/home/deploy/.rvm" can be modified by user "deploy" (or applications running as that user). Change the owner of the path to root, or avoid running Passenger as root.
The path "/home/deploy" can be modified by user "deploy" (or applications running as that user). Change the owner of the path to root, or avoid running Passenger as root.
我嘗試更改權限,但無法使用
sudo chmod 700 /home/deploy/.rvm/gems/ruby-2.4.1@spelld.it/gems/passenger-5.2.0
和
sudo chown root:root /home/deploy/.rvm/gems/ruby-2.4.1@spelld.it/gems/passenger-5.2.0
我什至發現有相同問題的問題,但我不知道如何解決。。。 如何避免Phusion Passenger以root身份運行?
2 個解決方案
解決方案1
6 2018-03-12 07:45:52
乘客作者在這里。 您可以做的另一件事是使用root用戶而不是用戶“ deploy”來安裝RVM Ruby和Passenger。 這樣,您的Ruby安裝和Passenger安裝由root擁有,並且您不會看到此警告。
甚至更好:使用我們的本地Debian / Ubuntu / CentOS軟件包。
解決方案2
1 2019-01-17 17:26:48
我也想提供一些見解。 @ Hongli的答案還不是全部。 @ Taryn East是正確的。 即使您對每個目錄都進行了chown,也需要對每個目錄進行chmod才能使Patient正常工作。
在您的示例中,您需要:
chmod 700 /home/deploy/.rvm
chmod 700 /home/deploy/.rvm/gems/
chmod 700 /home/deploy/.rvm/gems/ruby-2.4.1@spelld.it/
chmod 700 /home/deploy/.rvm/gems/ruby-2.4.1@spelld.it/gems/
chmod 700 /home/deploy/.rvm/gems/ruby-2.4.1@spelld.it/gems/passenger-5.2.0
Phusion 乘客以 root 身份運行,非 root 用戶可以更改乘客根路徑 () 的一部分
[英]Phusion Passenger is running as root, and part(s) of the Passenger root path () can be changed by non-root user(s)
Phusion Passenger在未使用Phusion Passenger的項目中引發錯誤
[英]Phusion Passenger is raising an error in a project that doesn't use Phusion Passenger
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.
相關問題
我無法安裝Phusion Passenger來運行Rails
Phusion 乘客以 root 身份運行,非 root 用戶可以更改乘客根路徑 () 的一部分
如何避免 Phusion 乘客以 root 身份運行?
Phusion Passenger 4 / Apache 2.4找不到rack.rb
Phusion Passenger在未使用Phusion Passenger的項目中引發錯誤
無法啟動Phusion Passenger - 錯誤的根路徑
Phusion Passenger希望始終運行捆綁包安裝
Phusion Passenger不會在Mountain Lion中編譯
***錯誤:Phusion Passenger似乎沒有運行
Phusion Passenger不寫日志文件
相關標簽