部署 [已解决] 请问怎么让 Passenger 不以 root 运行? ( avoid running Passenger as root.)

gxlonline · 2017年10月25日 · 最后由 yfractal 回复于 2017年10月26日 · 2820 次阅读

情况描述

网站部署后,访问域名可看到 Welcome to nginx! 页面,但 Rails 未正常运行。

提示:

Passenger is running as root, and part(s) of the passenger root path (/home/deploy/.rvm/gems/ruby-2.4.1/gems/passenger-5.1.11) can be changed by non-root user(s).
Change the owner of the path to root, or avoid running Passenger as root.

谷歌搜到同样的问题 https://stackoverflow.com/questions/46855906/how-can-i-avoid-phusion-passenger-running-as-root ,但是没解决办法。

麻烦大家指点一下,谢谢。

版本情况

Ubuntu14.04, Ruby2.4.1, Rails 5.1.4 , passenger-5.1.11

/opt/nginx/logs/error.log

[ N 2017-10-25 22:44:33.5315 30646/T1 age/Wat/WatchdogMain.cpp:1267 ]: Starting Passenger watchdog...                                                                                            
[ N 2017-10-25 22:44:33.5369 30649/T1 age/Cor/CoreMain.cpp:1165 ]: Starting Passenger core...                                                                                                    
[ N 2017-10-25 22:44:33.5370 30649/T1 age/Cor/CoreMain.cpp:249 ]: Passenger core running in multi-application mode.                                                                              
[ W 2017-10-25 22:44:33.5402 30649/T1 age/Cor/CoreMain.cpp:897 ]: WARNING: potential privilege escalation vulnerability. Passenger is running as root, and part(s) of the passenger root path (/home/deploy/.rvm/gems/ruby-2.4.1/gems/passenger-5.1.11) can be changed by non-root user(s):                                                                                                       
The path "/home/deploy/.rvm/gems/ruby-2.4.1/gems/passenger-5.1.11" can be modified by user "deploy" (or applications running as that user). Change the owner of the path to root, or avoid running Passenger as root.                                                                                                                                                                             
The path "/home/deploy/.rvm/gems/ruby-2.4.1/gems" can be modified by user "deploy" (or applications running as that user). Change the owner of the path to root, or avoid running Passenger as root.                                                                                                                                                                                              
The path "/home/deploy/.rvm/gems/ruby-2.4.1" can be modified by user "deploy" (or applications running as that user). Change the owner of the path to root, or avoid running Passenger as root.  
The path "/home/deploy/.rvm/gems" can be modified by user "deploy" (or applications running as that user). Change the owner of the path to root, or avoid running Passenger as root.             
The path "/home/deploy/.rvm" can be modified by user "deploy" (or applications running as that user). Change the owner of the path to root, or avoid running Passenger as root.                  
The path "/home/deploy" can be modified by user "deploy" (or applications running as that user). Change the owner of the path to root, or avoid running Passenger as root.       

ngnix

sudo service nginx start 
ps auxw | grep nginx

root     30656  0.0  0.0  32960   860 ?        Ss   22:44   0:00 nginx: master process /opt/nginx/sbin/nginx                                                                                     
deploy   30657  0.0  0.3  33416  3748 ?        S    22:44   0:00 nginx: worker process   

解决办法

参考:https://stackoverflow.com/questions/20824071/nginx-welcome-to-nginx-page-keeps-showing 解决办法:

sudo vim /opt/nginx/conf/nginx.conf

删除配置文件中以下内容

# location / { # root html; # index index.html index.htm; # passenger_enabled on; # }

重启 nginx 就行了。

你网站怎么部署的?我觉得如果按照官方文档安装,根本就不可能碰到这个问题啊。。

很好奇你们为什么这么喜欢用 Passenger?我 nginx 代理 4 个跑在 docker 里的 puma,没有出现什么性能问题啊,api 都是 100ms 左右返回。。。。。

找到这个,楼主试试? http://joshuapaling.com/blog/2013/08/07/solution-to-passenger-running-as-user-group-nobody.html

楼主要是不经常部署的,重新按照教程来一遍也是个解决方案。

需要 登录 后方可回复, 如果你还没有账号请 注册新账号