You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2020/06/11 03:19:08 UTC

[GitHub] [incubator-apisix] Miss-you opened a new issue #1693: request help: apisix supports running as root user

Miss-you opened a new issue #1693:
URL: https://github.com/apache/incubator-apisix/issues/1693


   ### Issue description
   
   Currently apisix supports running with normal user privileges. if you run as root user, then the nginx worker will be the nobody user and will fail to read conf or lua scripts.
   Would like to add configuration to config.yaml to support running apisix as root user
   ### Environment
   
   * apisix version (cmd: `apisix version`): latest
   * OS: linux
   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-apisix] membphis commented on issue #1693: request help: apisix supports running as root user

Posted by GitBox <gi...@apache.org>.

membphis commented on issue #1693:
URL: https://github.com/apache/incubator-apisix/issues/1693#issuecomment-646926475


   > I think we need an Apache APISIX security configuration specification.
   
   that is another question. I have created a new issue: https://github.com/apache/incubator-apisix/issues/1740


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-apisix] membphis commented on issue #1693: request help: apisix supports running as root user

Posted by GitBox <gi...@apache.org>.

membphis commented on issue #1693:
URL: https://github.com/apache/incubator-apisix/issues/1693#issuecomment-642390009


   That's dangerous, I don't think APISIX will officially add this feature.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-apisix] Miss-you closed issue #1693: request help: apisix supports running as root user

Posted by GitBox <gi...@apache.org>.

Miss-you closed issue #1693:
URL: https://github.com/apache/incubator-apisix/issues/1693


   


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-apisix] xxm404 commented on issue #1693: request help: apisix supports running as root user

Posted by GitBox <gi...@apache.org>.

xxm404 commented on issue #1693:
URL: https://github.com/apache/incubator-apisix/issues/1693#issuecomment-642389710


   Hi @Miss-you apisix default home directory is `/usr/local/apisix/`,need sudo permission to start,in production environment sudo permission is strict manage,maybe apisix need support run as normal user


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-apisix] vivid-dev commented on issue #1693: request help: apisix supports running as root user

Posted by GitBox <gi...@apache.org>.

vivid-dev commented on issue #1693:
URL: https://github.com/apache/incubator-apisix/issues/1693#issuecomment-642401858


   Maybe a mandatory restriction is needed.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-apisix] Miss-you commented on issue #1693: request help: apisix supports running as root user

Posted by GitBox <gi...@apache.org>.

Miss-you commented on issue #1693:
URL: https://github.com/apache/incubator-apisix/issues/1693#issuecomment-642431219


   On the other hand, if apisix is running in an isolated environment such as a container (e.g. docker), I think the nginx worker can use root user rights.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-apisix] Miss-you commented on issue #1693: request help: apisix supports running as root user

Posted by GitBox <gi...@apache.org>.

Miss-you commented on issue #1693:
URL: https://github.com/apache/incubator-apisix/issues/1693#issuecomment-642450684


   I think we need an Apache APISIX security configuration specification.


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-apisix] membphis edited a comment on issue #1693: request help: apisix supports running as root user

Posted by GitBox <gi...@apache.org>.

membphis edited a comment on issue #1693:
URL: https://github.com/apache/incubator-apisix/issues/1693#issuecomment-646926475


   > I think we need an Apache APISIX security configuration specification.
   
   that is another question. I have created a new issue: https://github.com/apache/incubator-apisix/issues/1740
   
   we can close this issue. @Miss-you 


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-apisix] vivid-dev edited a comment on issue #1693: request help: apisix supports running as root user

Posted by GitBox <gi...@apache.org>.

vivid-dev edited a comment on issue #1693:
URL: https://github.com/apache/incubator-apisix/issues/1693#issuecomment-642390908


   I also encountered the same error when I used root to install and run apisix.
   To solve these you have to do these:
   1.access apisix return 500.             --run `export prefix=`pwd` ` in apisix root path
   2.access apisix return 403.             -- add` user root;` in apisix conf


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-apisix] moonming commented on issue #1693: request help: apisix supports running as root user

Posted by GitBox <gi...@apache.org>.

moonming commented on issue #1693:
URL: https://github.com/apache/incubator-apisix/issues/1693#issuecomment-642385047


   `sudo apisix start` is ok in my side.
   do you means add `user root` in nginx.conf?


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-apisix] vivid-dev commented on issue #1693: request help: apisix supports running as root user

Posted by GitBox <gi...@apache.org>.

vivid-dev commented on issue #1693:
URL: https://github.com/apache/incubator-apisix/issues/1693#issuecomment-642390908


   I also encountered the same error when I used root to install and run apisix.
   To solve these you have to do these:
   1.access apisix return 500.             --run export prefix=`pwd`  in apisix root path
   2.access apisix return 403.             -- add user root; in apisix conf


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-apisix] Miss-you commented on issue #1693: request help: apisix supports running as root user

Posted by GitBox <gi...@apache.org>.

Miss-you commented on issue #1693:
URL: https://github.com/apache/incubator-apisix/issues/1693#issuecomment-642388341


   yes, pr is here https://github.com/apache/incubator-apisix/pull/1695


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

[GitHub] [incubator-apisix] Miss-you commented on issue #1693: request help: apisix supports running as root user

Posted by GitBox <gi...@apache.org>.

Miss-you commented on issue #1693:
URL: https://github.com/apache/incubator-apisix/issues/1693#issuecomment-642430166


   > run Apache APISIX's workers as root is too dangerous. Every app should only get the minimum permissions
   
   I also agree that running the nginx worker under root is a security risk.
   
   The above problem requires root privileges, I'll try another solution here!


----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org