如何避免Phusion Passenger以root身份运行? [英] How can I avoid Phusion Passenger running as root?

问题描述

我今天更新为旅客5.1.11，并导致查看我的Apache错误日志.

I updated to Passenger 5.1.11 today and had cause to look at my Apache error logs.

在/var/log/apache2/error.log中，我找到了此条目(多次):

In /var/log/apache2/error.log I found this entry (many times over):

警告:潜在的特权升级漏洞.乘客是 以root身份运行，并且可以更改乘客根路径的一部分(/home/jack/.rbenv/versions/2.2.2/lib/ruby/gems/2.2.0/gems/passenger-5.1.11)通过非root用户:路径 "/home/jack/.rbenv/versions/2.2.2/lib/ruby/gems/2.2.0/gems/passenger-5.1.11"可以由用户"jack"(或以此方式运行的应用程序)修改 用户).将路径的所有者更改为root或避免运行 乘客为根.

WARNING: potential privilege escalation vulnerability. Passenger is running as root, and part(s) of the passenger root path (/home/jack/.rbenv/versions/2.2.2/lib/ruby/gems/2.2.0/gems/passenger-5.1.11) can be changed by non-root user(s): The path "/home/jack/.rbenv/versions/2.2.2/lib/ruby/gems/2.2.0/gems/passenger-5.1.11" can be modified by user "jack" (or applications running as that user). Change the owner of the path to root, or avoid running Passenger as root.

我正在运行Debian 7，并以gem的形式安装了Passenger.我没有使用sudo运行任何安装命令.

I'm running Debian 7 and installed Passenger as a gem. I didn't run any install commands using sudo.

如何避免旅客以root身份运行?我花了最后几个小时来搜索，但是空手而归.

How can I avoid Passenger running as root? I've spent the last couple of hours Googling this, but have come up empty handed.

推荐答案

Apache以root身份启动，因此，在加载Passenger模块时，Apache以root身份启动.在与Nginx或Apache集成的情况下，您会发现，限制对gem dir的权限比以非root用户身份运行Web服务器要容易得多.

Apache starts as root, thus when the Passenger module is loaded it starts as root. In a situation where you are integrating with Nginx or Apache, you are going to find it's much easier to restrict the permissions on the gem dir than it is to run the webserver as a non-root user.

这篇关于如何避免Phusion Passenger以root身份运行?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！