You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2020/06/11 03:19:08 UTC
[GitHub] [incubator-apisix] Miss-you opened a new issue #1693: request help: apisix supports running as root user
Miss-you opened a new issue #1693:
URL: https://github.com/apache/incubator-apisix/issues/1693
### Issue description
Currently apisix supports running with normal user privileges. if you run as root user, then the nginx worker will be the nobody user and will fail to read conf or lua scripts.
Would like to add configuration to config.yaml to support running apisix as root user
### Environment
* apisix version (cmd: `apisix version`): latest
* OS: linux
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-apisix] membphis commented on issue #1693: request help: apisix supports running as root user
Posted by GitBox <gi...@apache.org>.
membphis commented on issue #1693:
URL: https://github.com/apache/incubator-apisix/issues/1693#issuecomment-646926475
> I think we need an Apache APISIX security configuration specification.
that is another question. I have created a new issue: https://github.com/apache/incubator-apisix/issues/1740
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-apisix] membphis commented on issue #1693: request help: apisix supports running as root user
Posted by GitBox <gi...@apache.org>.
membphis commented on issue #1693:
URL: https://github.com/apache/incubator-apisix/issues/1693#issuecomment-642390009
That's dangerous, I don't think APISIX will officially add this feature.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-apisix] Miss-you closed issue #1693: request help: apisix supports running as root user
Posted by GitBox <gi...@apache.org>.
Miss-you closed issue #1693:
URL: https://github.com/apache/incubator-apisix/issues/1693
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-apisix] xxm404 commented on issue #1693: request help: apisix supports running as root user
Posted by GitBox <gi...@apache.org>.
xxm404 commented on issue #1693:
URL: https://github.com/apache/incubator-apisix/issues/1693#issuecomment-642389710
Hi @Miss-you apisix default home directory is `/usr/local/apisix/`,need sudo permission to start,in production environment sudo permission is strict manage,maybe apisix need support run as normal user
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-apisix] vivid-dev commented on issue #1693: request help: apisix supports running as root user
Posted by GitBox <gi...@apache.org>.
vivid-dev commented on issue #1693:
URL: https://github.com/apache/incubator-apisix/issues/1693#issuecomment-642401858
Maybe a mandatory restriction is needed.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-apisix] Miss-you commented on issue #1693: request help: apisix supports running as root user
Posted by GitBox <gi...@apache.org>.
Miss-you commented on issue #1693:
URL: https://github.com/apache/incubator-apisix/issues/1693#issuecomment-642431219
On the other hand, if apisix is running in an isolated environment such as a container (e.g. docker), I think the nginx worker can use root user rights.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-apisix] Miss-you commented on issue #1693: request help: apisix supports running as root user
Posted by GitBox <gi...@apache.org>.
Miss-you commented on issue #1693:
URL: https://github.com/apache/incubator-apisix/issues/1693#issuecomment-642450684
I think we need an Apache APISIX security configuration specification.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-apisix] membphis edited a comment on issue #1693: request help: apisix supports running as root user
Posted by GitBox <gi...@apache.org>.
membphis edited a comment on issue #1693:
URL: https://github.com/apache/incubator-apisix/issues/1693#issuecomment-646926475
> I think we need an Apache APISIX security configuration specification.
that is another question. I have created a new issue: https://github.com/apache/incubator-apisix/issues/1740
we can close this issue. @Miss-you
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-apisix] vivid-dev edited a comment on issue #1693: request help: apisix supports running as root user
Posted by GitBox <gi...@apache.org>.
vivid-dev edited a comment on issue #1693:
URL: https://github.com/apache/incubator-apisix/issues/1693#issuecomment-642390908
I also encountered the same error when I used root to install and run apisix.
To solve these you have to do these:
1.access apisix return 500. --run `export prefix=`pwd` ` in apisix root path
2.access apisix return 403. -- add` user root;` in apisix conf
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-apisix] moonming commented on issue #1693: request help: apisix supports running as root user
Posted by GitBox <gi...@apache.org>.
moonming commented on issue #1693:
URL: https://github.com/apache/incubator-apisix/issues/1693#issuecomment-642385047
`sudo apisix start` is ok in my side.
do you means add `user root` in nginx.conf?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-apisix] vivid-dev commented on issue #1693: request help: apisix supports running as root user
Posted by GitBox <gi...@apache.org>.
vivid-dev commented on issue #1693:
URL: https://github.com/apache/incubator-apisix/issues/1693#issuecomment-642390908
I also encountered the same error when I used root to install and run apisix.
To solve these you have to do these:
1.access apisix return 500. --run export prefix=`pwd` in apisix root path
2.access apisix return 403. -- add user root; in apisix conf
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-apisix] Miss-you commented on issue #1693: request help: apisix supports running as root user
Posted by GitBox <gi...@apache.org>.
Miss-you commented on issue #1693:
URL: https://github.com/apache/incubator-apisix/issues/1693#issuecomment-642388341
yes, pr is here https://github.com/apache/incubator-apisix/pull/1695
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [incubator-apisix] Miss-you commented on issue #1693: request help: apisix supports running as root user
Posted by GitBox <gi...@apache.org>.
Miss-you commented on issue #1693:
URL: https://github.com/apache/incubator-apisix/issues/1693#issuecomment-642430166
> run Apache APISIX's workers as root is too dangerous. Every app should only get the minimum permissions
I also agree that running the nginx worker under root is a security risk.
The above problem requires root privileges, I'll try another solution here!
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org