How do I elevate a Rails console as the underprivileged www-data user?

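My Rails app runs under Nginx as the www-data user, and all disk writes are done as www-data, so all of the app's associated disk storage assets are owned by www-data. Sometimes I need to elevate a Rails console and perform actions that touch or create storage assets. I don't want those touched/created assets to be owned by root or some other admin user; I want them to remain owned by the www-data user. This worked fine under ruby 1.9.3 -> 2.6.x: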

sudo -u www-data RAILS_MASTER_KEY=xxx RAILS_ENV=production bin/rails console

When I try this on ruby 2.7.x or 3.0.0, I get the following error:

Loading production environment (Rails 6.1.3)
/usr/lib/ruby/3.0.0/irb/ext/save-history.rb:98:in `stat': Permission denied @ rb_file_s_stat - /root/.irb_history (Errno::EACCES)
    from /usr/lib/ruby/3.0.0/irb/ext/save-history.rb:98:in `save_history'
    from /usr/lib/ruby/3.0.0/irb/ext/save-history.rb:60:in `block in extended'
    from /usr/lib/ruby/3.0.0/irb.rb:475:in `block in run'
    from /usr/lib/ruby/3.0.0/irb.rb:475:in `each'
    from /usr/lib/ruby/3.0.0/irb.rb:475:in `ensure in run'
    from /usr/lib/ruby/3.0.0/irb.rb:475:in `run'
    from /usr/lib/ruby/3.0.0/irb.rb:400:in `start'
    from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/railties-6.1.3/lib/rails/commands/console/console_command.rb:70:in `start'
    from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/railties-6.1.3/lib/rails/commands/console/console_command.rb:19:in `start'
    from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/railties-6.1.3/lib/rails/commands/console/console_command.rb:102:in `perform'
    from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/thor-1.1.0/lib/thor/command.rb:27:in `run'
    from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/thor-1.1.0/lib/thor/invocation.rb:127:in `invoke_command'
    from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/thor-1.1.0/lib/thor.rb:392:in `dispatch'
    from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/railties-6.1.3/lib/rails/command/base.rb:69:in `perform'
    from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/railties-6.1.3/lib/rails/command.rb:50:in `invoke'
    from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/railties-6.1.3/lib/rails/commands.rb:18:in `<top (required)>'
    from bin/rails:4:in `require'
    from bin/rails:4:in `<main>'
/usr/lib/ruby/3.0.0/reline/config.rb:124:in `readlines': Permission denied @ rb_sysopen - /root/.inputrc (Errno::EACCES)
    from /usr/lib/ruby/3.0.0/reline/config.rb:124:in `read'
    from /usr/lib/ruby/3.0.0/reline.rb:232:in `inner_readline'
    from /usr/lib/ruby/3.0.0/reline.rb:175:in `readmultiline'
    from /usr/lib/ruby/3.0.0/forwardable.rb:238:in `readmultiline'
    from /usr/lib/ruby/3.0.0/forwardable.rb:238:in `readmultiline'
    from /usr/lib/ruby/3.0.0/irb/input-method.rb:302:in `gets'
    from /usr/lib/ruby/3.0.0/irb.rb:519:in `block (2 levels) in eval_input'
    from /usr/lib/ruby/3.0.0/irb.rb:721:in `signal_status'
    from /usr/lib/ruby/3.0.0/irb.rb:518:in `block in eval_input'
    from /usr/lib/ruby/3.0.0/irb/ruby-lex.rb:202:in `lex'
    from /usr/lib/ruby/3.0.0/irb/ruby-lex.rb:174:in `block (2 levels) in each_top_level_statement'
    from /usr/lib/ruby/3.0.0/irb/ruby-lex.rb:171:in `loop'
    from /usr/lib/ruby/3.0.0/irb/ruby-lex.rb:171:in `block in each_top_level_statement'
    from /usr/lib/ruby/3.0.0/irb/ruby-lex.rb:170:in `catch'
    from /usr/lib/ruby/3.0.0/irb/ruby-lex.rb:170:in `each_top_level_statement'
    from /usr/lib/ruby/3.0.0/irb.rb:537:in `eval_input'
    from /usr/lib/ruby/3.0.0/irb.rb:472:in `block in run'
    from /usr/lib/ruby/3.0.0/irb.rb:471:in `catch'
    from /usr/lib/ruby/3.0.0/irb.rb:471:in `run'
    from /usr/lib/ruby/3.0.0/irb.rb:400:in `start'
    from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/railties-6.1.3/lib/rails/commands/console/console_command.rb:70:in `start'
    from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/railties-6.1.3/lib/rails/commands/console/console_command.rb:19:in `start'
    from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/railties-6.1.3/lib/rails/commands/console/console_command.rb:102:in `perform'
    from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/thor-1.1.0/lib/thor/command.rb:27:in `run'
    from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/thor-1.1.0/lib/thor/invocation.rb:127:in `invoke_command'
    from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/thor-1.1.0/lib/thor.rb:392:in `dispatch'
    from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/railties-6.1.3/lib/rails/command/base.rb:69:in `perform'
    from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/railties-6.1.3/lib/rails/command.rb:50:in `invoke'
    from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/railties-6.1.3/lib/rails/commands.rb:18:in `<top (required)>'
    from bin/rails:4:in `require'
    from bin/rails:4:in `<main>'

I have tried creating a file at /root/.irb_history and giving it global write permissions, but I still get the same error.

I am compiling ruby from source on Ubuntu 18.04 and 20.04, using only the "--prefix=/usr" flag.

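If I sudo su to a full admin user account that has a home directory etc., unlike the limited www-data user, or run as root, I can start the Rails console without any errors (though of course the ownership of disk assets is then a problem).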

If I run the sudo -u www-data bin/rails console command as a full admin user, I can start the console and only see an error when I exit the console, as follows:

irb(main):033:0> exit
/usr/lib/ruby/3.0.0/irb/ext/save-history.rb:108:in `initialize': Permission denied @ rb_sysopen - /home/[username]/.irb_history (Errno::EACCES)
    from /usr/lib/ruby/3.0.0/irb/ext/save-history.rb:108:in `open'
    from /usr/lib/ruby/3.0.0/irb/ext/save-history.rb:108:in `save_history'
    from /usr/lib/ruby/3.0.0/irb/ext/save-history.rb:60:in `block in extended'
    from /usr/lib/ruby/3.0.0/irb.rb:475:in `block in run'
    from /usr/lib/ruby/3.0.0/irb.rb:475:in `each'
    from /usr/lib/ruby/3.0.0/irb.rb:475:in `run'
    from /usr/lib/ruby/3.0.0/irb.rb:400:in `start'
    from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/railties-6.1.3/lib/rails/commands/console/console_command.rb:70:in `start'
    from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/railties-6.1.3/lib/rails/commands/console/console_command.rb:19:in `start'
    from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/railties-6.1.3/lib/rails/commands/console/console_command.rb:102:in `perform'
    from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/thor-1.1.0/lib/thor/command.rb:27:in `run'
    from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/thor-1.1.0/lib/thor/invocation.rb:127:in `invoke_command'
    from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/thor-1.1.0/lib/thor.rb:392:in `dispatch'
    from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/railties-6.1.3/lib/rails/command/base.rb:69:in `perform'
    from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/railties-6.1.3/lib/rails/command.rb:50:in `invoke'
    from /apps/connect/shared/vendor_bundle/ruby/3.0.0/gems/railties-6.1.3/lib/rails/commands.rb:18:in `<top (required)>'
    from bin/rails:4:in `require'
    from bin/rails:4:in `<main>'

If I run it as root, I get the error shown above.

Solution

I believe all you have to do is set the HOME variable in your command, so that it looks like:

sudo -u www-data HOME=/tmp RAILS_MASTER_KEY=xxx RAILS_ENV=production bin/rails console
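
An added example, not part of the original answer: with HOME=/tmp, IRB looks for .irbrc and .inputrc, and writes .irb_history, in a directory that every local user can write to. The wrapper below instead gives www-data a fresh mode-0700 HOME for each console session; APP_USER, the function names, and the assumption that the master key is read from config/master.key are not from the page.

```shell
#!/usr/bin/env bash
# Added example. APP_USER and all function names are hypothetical, not from the page.
# Assumes the master key is read from config/master.key (readable by APP_USER),
# so it does not have to appear on a command line.

APP_USER="${APP_USER:-www-data}"

# Run a command as APP_USER; skip sudo when we already are that user.
run_as() {
  if [ "$(id -u)" = "$(id -u "$APP_USER")" ]; then
    "$@"
  else
    sudo -u "$APP_USER" "$@"
  fi
}

# mktemp -d creates a new, empty directory with mode 0700, so no other
# local user can have placed .irbrc or .inputrc in it beforehand.
make_private_home() {
  run_as mktemp -d "${TMPDIR:-/tmp}/rails-console.XXXXXXXX"
}

# Succeeds only if the directory is owned by APP_USER and closed to everyone else.
home_is_private() {
  [ "$(stat -c '%u %a' "$1")" = "$(id -u "$APP_USER") 700" ]
}

# Start the console with the private HOME, then discard it (and the
# .irb_history written there) when the session ends.
console_as_app_user() {
  local home status
  home="$(make_private_home)" || return 1
  home_is_private "$home" || return 1
  run_as env HOME="$home" RAILS_ENV=production bin/rails console
  status=$?
  run_as rm -rf -- "$home"
  return "$status"
}

# Run from the application root: ./console.sh run
if [ "${1:-}" = "run" ]; then
  console_as_app_user
fi
```

Files created from inside the console are still owned by www-data, because only HOME changes; the process user is the same as in the one-line command.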
