“不要以root身份运行捆绑程序” - 使用root做的确切区别是什么? [英] "Don't run bundler as root" - what is the exact difference made by using root?
问题描述
如果您以root用户身份登录后从命令行运行ruby bundler,您会收到以下警告:
请勿运行Bundler作为根。 Bundler可以询问sudo是否需要,
并以根用户身份安装捆绑软件将会在此机器上为所有
非root用户破解此应用程序。
这个确切的区别是,以根用户身份运行bundler会对其安装的宝石产生什么影响?
它与它为每个gem安装的实际文件的权限有关吗? Ruby会尝试以非root用户的身份访问gem文件(如果是的话,Ruby会使用哪些用户/组,以及我将如何发现)?
会是由于捆绑软件被用作root用户而破坏的应用程序的症状吗?
我要问的具体原因是因为我试图在非常基本的Centos VPS上使用捆绑器,因为我不需要设置任何非root用户。我是错误:要导入的文件不存在或不可读:gemname >尽管所涉及的gem存在于 gem list ),我想知道是否以root用户身份通过bundler安装gem可能使这些文件对Ruby不可读。
我想解决一下,如果我确实需要设置一个纯粹用于运行捆绑器的非root用户帐户,并且如果需要,那么该用户需要允许Ruby运行gem bundler的组和权限。 p>
或者我可以只是 chown 或 chgrp gem文件夹?如果是这样,它是否依赖于如何安装Ruby? (我使用了RVM,并且我的宝石最终在rvm组中拥有的 / usr / local / rvm / gems / 中)这个松散相关的问题的答案意味着未安装Ruby的方面会影响bundler的权限要求。
研究不要以root身份运行bundler消息只会出现一个未解答的问题和抱怨说,这个警告显然是喜欢它说在晚上8点睡觉(链接包含NSFW语言)。
所以我不得不深入了解bundler的repo的git日志历史,因为GitHub 提交消息。
提交 c1b3fd165b2ec97fb254a76eaa3900bc4857a357 说:
打包警告,当bundler由root运行时。当用户使用sudo bundler运行bundle install时,会打印一条警告消息,让
他们知道潜在的后果。
关闭#2936
问题,您了解不应该使用 root 用户的真正原因:
运行sudo bundle install可能会导致
用户试图将OS X上的gem安装到系统宝石中的巨大级联问题。我们应该
打印一个警告,并解释Bundler会提示输入sudo是否需要
。我们还应该警告人们,sudo bundle会打破git
宝石,因为它们必须由Bundler运行
的用户写入。
If you run ruby bundler from the command line while logged in as root, you get the following warning:
Don't run Bundler as root. Bundler can ask for sudo if it is needed, and installing your bundle as root will break this application for all non-root users on this machine.
What is this exact difference that running bundler as root makes to the gems it installs?
Is it to do with the permissions of the actual files that it installs for each gem? Will Ruby try to access the gem files as a non-root user (and if so, what user / group would Ruby use and how would I find out)?
What would be the symptoms of an application that is broken due to bundler being used as root?
My specific reason for asking is because I'm trying to use bundler on a very basic Centos VPS where I have no need to set up any non-root users. I'm having other problems with gems installed via bundler (Error: file to import not found or unreadable: gemname despite the gem in question being present in gem list), and I'm wondering if installing the gems via bundler as root might have made the files unreadable to Ruby.
I want to work out if I do need to set up a non-root user account purely for running bundler, and if I do, what groups and privileges this user will need to allow Ruby to run the gems bundler installs.
Or can I just chown or chgrp the gem folders? If so, does it depend on anything to do with how Ruby is installed? (I used RVM and my gems end up in /usr/local/rvm/gems/ which is owned by root in group rvm) This loosely related question's answer implies that unspecified aspects of how Ruby is installed influence bundler's permissions requirements.
Researching the "Don't run bundler as root" message only comes up with an unanswered question and complaints that this warning is apparently "like it saying to go to sleep at 8PM" (link contains NSFW language).
So I had to dig into the git log history of bundler's repo, because GitHub doesn't allow search in git commits messages anymore.
The commit c1b3fd165b2ec97fb254a76eaa3900bc4857a357 says :
Print warning when bundler is run by root. When a user runs bundle install with sudo bundler will print a warning, letting them know of potential consequences.
closes #2936
Reading this issue, you understand the real reason you should not use the root user:
Running sudo bundle install can cause huge and cascading problems for users trying to install gems on OS X into the system gems. We should print a warning and explain that Bundler will prompt for sudo if it's needed. We should also warn people that sudo bundle will break git gems, because they have to be writable by the user that Bundler runs as.
这篇关于“不要以root身份运行捆绑程序” - 使用root做的确切区别是什么?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
