“不要以 root 身份运行捆绑程序"- 使用 root 的确切区别是什么? [英] "Don't run bundler as root" - what is the exact difference made by using root?
问题描述
如果您在以 root 身份登录时从命令行运行 ruby bundler,则会收到以下警告:
If you run ruby bundler from the command line while logged in as root, you get the following warning:
不要以 root 身份运行 Bundler.如果需要,Bundler 可以要求 sudo,并以 root 身份安装你的包将破坏这个应用程序这台机器上的非 root 用户.
Don't run Bundler as root. Bundler can ask for sudo if it is needed, and installing your bundle as root will break this application for all non-root users on this machine.
以 root 身份运行 bundler 对其安装的 gem 有什么确切的区别?
What is this exact difference that running bundler as root makes to the gems it installs?
是否与它为每个 gem 安装的实际文件的权限有关?Ruby 是否会尝试以非 root 用户身份访问 gem 文件(如果是,Ruby 将使用哪个用户/组以及我将如何找到)?
Is it to do with the permissions of the actual files that it installs for each gem? Will Ruby try to access the gem files as a non-root user (and if so, what user / group would Ruby use and how would I find out)?
由于捆绑程序被用作根用户而损坏的应用程序会出现什么症状?
What would be the symptoms of an application that is broken due to bundler being used as root?
我询问的具体原因是因为我试图在一个非常基本的 Centos VPS 上使用捆绑程序,我不需要设置任何非 root 用户.我是 通过捆绑程序安装的 gem 存在其他问题(错误:找不到要导入的文件或不可读:gemname 尽管有问题的 gem 存在于 gem list),我想知道是否以 root 身份通过 bundler 安装 gems 可能会使文件无法被 Ruby 读取.
My specific reason for asking is because I'm trying to use bundler on a very basic Centos VPS where I have no need to set up any non-root users. I'm having other problems with gems installed via bundler (Error: file to import not found or unreadable: gemname despite the gem in question being present in gem list), and I'm wondering if installing the gems via bundler as root might have made the files unreadable to Ruby.
我想弄清楚我是否确实需要设置一个非 root 用户帐户来纯粹用于运行 bundler,如果需要,该用户需要哪些组和权限才能允许 Ruby 运行安装的 gems bundler.
I want to work out if I do need to set up a non-root user account purely for running bundler, and if I do, what groups and privileges this user will need to allow Ruby to run the gems bundler installs.
或者我可以只 chown 或 chgrp gem 文件夹吗?如果是这样,它是否取决于 Ruby 的安装方式?(我使用了 RVM,我的 gems 最终在 /usr/local/rvm/gems/ 中,归 rvm 组中的 root 所有)这个松散相关的问题的答案意味着 Ruby 安装方式的未指定方面会影响 bundler 的权限要求.
Or can I just chown or chgrp the gem folders? If so, does it depend on anything to do with how Ruby is installed? (I used RVM and my gems end up in /usr/local/rvm/gems/ which is owned by root in group rvm) This loosely related question's answer implies that unspecified aspects of how Ruby is installed influence bundler's permissions requirements.
研究不要以 root 身份运行捆绑程序"消息只会出现 an未回答的问题 和 抱怨此警告显然是就像它说晚上 8 点睡觉"(链接包含 NSFW 语言).
Researching the "Don't run bundler as root" message only comes up with an unanswered question and complaints that this warning is apparently "like it saying to go to sleep at 8PM" (link contains NSFW language).
推荐答案
所以我不得不深入研究 bundler 的 repo 的 git log 历史,因为 GitHub 不允许在 git 中搜索 提交消息了.
So I had to dig into the git log history of bundler's repo, because GitHub doesn't allow search in git commits messages anymore.
提交 c1b3fd165b2ec97fb254a76eaa3900bc4857a357 说:
当 bundler 由 root 运行时打印警告.当用户使用 sudo bundler 运行 bundle install 时,会打印一个警告,让他们知道潜在的后果.
Print warning when bundler is run by root. When a user runs bundle install with sudo bundler will print a warning, letting them know of potential consequences.
关闭#2936
阅读本期,你明白了不应该使用root用户的真正原因:
Reading this issue, you understand the real reason you should not use the root user:
运行 sudo bundle install 可能会导致巨大的级联问题试图将 OS X 上的 gem 安装到系统 gem 中的用户.我们应该打印警告并说明 Bundler 将提示输入 sudo 如果它是需要.我们还应该警告人们 sudo bundle 会破坏 gitgems,因为它们必须可由 Bundler 运行的用户写入作为.
Running sudo bundle install can cause huge and cascading problems for users trying to install gems on OS X into the system gems. We should print a warning and explain that Bundler will prompt for sudo if it's needed. We should also warn people that sudo bundle will break git gems, because they have to be writable by the user that Bundler runs as.
这篇关于“不要以 root 身份运行捆绑程序"- 使用 root 的确切区别是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
