Rails 应用程序 (Redmine) 运行 Thin 中的权限被拒绝
Permission denied in Rails app (Redmine) running with Thin
我正在尝试 运行 使用 Thin 和 nginx 作为反向代理的 Redmine。
我的/etc/thin2.1/redmine.yml:
---
pid: /var/run/thin/redmine.pid
group: redmine
wait: 30
timeout: 30
log: /var/log/thin/redmine.log
max_conns: 1024
require: []
environment: production
max_persistent_conns: 512
servers: 4
daemonize: true
user: redmine
socket: /var/run/thin/redmine.sock
chdir: /var/www/projects.mydomain.tld
当我使用网络浏览器访问网站时,我得到了一个 502 Bad Gateway。这是/var/log/thin/redmine.0.log的内容:
>> Writing PID to /var/run/thin/redmine.0.pid
>> Changing process privilege to redmine:redmine
>> Using rack adapter
>> Exiting!
/usr/lib/ruby/vendor_ruby/thin/daemonizing.rb:158:in `delete': Permission denied @ unlink_internal - /var/run/thin/redmine.0.pid (Errno::EACCES)
from /usr/lib/ruby/vendor_ruby/thin/daemonizing.rb:158:in `remove_pid_file'
from /usr/lib/ruby/vendor_ruby/thin/daemonizing.rb:59:in `block in daemonize'
/usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require': cannot load such file -- bundler/setup (LoadError)
from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
from /var/www/projects.mydomain.tld/config/boot.rb:4:in `<top (required)>'
from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
from /var/www/projects.mydomain.tld/config/application.rb:1:in `<top (required)>'
from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
from /var/www/projects.mydomain.tld/config/environment.rb:2:in `<top (required)>'
from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
from /var/www/projects.mydomain.tld/config.ru:3:in `block in <main>'
from /usr/lib/ruby/vendor_ruby/rack/builder.rb:55:in `instance_eval'
from /usr/lib/ruby/vendor_ruby/rack/builder.rb:55:in `initialize'
from /var/www/projects.mydomain.tld/config.ru:1:in `new'
from /var/www/projects.mydomain.tld/config.ru:1:in `<main>'
from /usr/lib/ruby/vendor_ruby/rack/adapter/loader.rb:36:in `eval'
from /usr/lib/ruby/vendor_ruby/rack/adapter/loader.rb:36:in `load'
from /usr/lib/ruby/vendor_ruby/rack/adapter/loader.rb:45:in `for'
from /usr/lib/ruby/vendor_ruby/thin/controllers/controller.rb:169:in `load_adapter'
from /usr/lib/ruby/vendor_ruby/thin/controllers/controller.rb:73:in `start'
from /usr/lib/ruby/vendor_ruby/thin/runner.rb:185:in `run_command'
from /usr/lib/ruby/vendor_ruby/thin/runner.rb:151:in `run!'
from /usr/bin/thin:6:in `<main>'
我不明白是什么导致了这个错误。 /var/run/thin/ 中的 .pid 文件归 root 所有。我试图将所有权授予 redmine 和 thin,但得到了同样的错误(无论如何,这些文件都是在重新启动 thin 时重新创建的)。
我用 rbenv 安装了 Ruby。我 运行 bundle install 作为 root 提示这样做 will break this application for all non-root users on this machine。根据 this answer 这应该不是问题,对吗?
编辑: 如果我在 /etc/thin2.1/redmine.yml 中将用户和组设置为 root,权限被拒绝的错误就会消失。我虽然它导致了另一个错误,但那个错误仍然存在。
对于unlink文件权限处理实际上需要权限来写入该文件的目录。
因此要么授予 redmine 写 /var/run/thin/ 的权限,要么将 pids 和套接字放在其他地方 - 通常在应用程序的共享 tmp 中,rails 甚至为这些创建目录。
我正在尝试 运行 使用 Thin 和 nginx 作为反向代理的 Redmine。
我的/etc/thin2.1/redmine.yml:
---
pid: /var/run/thin/redmine.pid
group: redmine
wait: 30
timeout: 30
log: /var/log/thin/redmine.log
max_conns: 1024
require: []
environment: production
max_persistent_conns: 512
servers: 4
daemonize: true
user: redmine
socket: /var/run/thin/redmine.sock
chdir: /var/www/projects.mydomain.tld
当我使用网络浏览器访问网站时,我得到了一个 502 Bad Gateway。这是/var/log/thin/redmine.0.log的内容:
>> Writing PID to /var/run/thin/redmine.0.pid
>> Changing process privilege to redmine:redmine
>> Using rack adapter
>> Exiting!
/usr/lib/ruby/vendor_ruby/thin/daemonizing.rb:158:in `delete': Permission denied @ unlink_internal - /var/run/thin/redmine.0.pid (Errno::EACCES)
from /usr/lib/ruby/vendor_ruby/thin/daemonizing.rb:158:in `remove_pid_file'
from /usr/lib/ruby/vendor_ruby/thin/daemonizing.rb:59:in `block in daemonize'
/usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require': cannot load such file -- bundler/setup (LoadError)
from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
from /var/www/projects.mydomain.tld/config/boot.rb:4:in `<top (required)>'
from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
from /var/www/projects.mydomain.tld/config/application.rb:1:in `<top (required)>'
from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
from /var/www/projects.mydomain.tld/config/environment.rb:2:in `<top (required)>'
from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
from /usr/lib/ruby/2.1.0/rubygems/core_ext/kernel_require.rb:55:in `require'
from /var/www/projects.mydomain.tld/config.ru:3:in `block in <main>'
from /usr/lib/ruby/vendor_ruby/rack/builder.rb:55:in `instance_eval'
from /usr/lib/ruby/vendor_ruby/rack/builder.rb:55:in `initialize'
from /var/www/projects.mydomain.tld/config.ru:1:in `new'
from /var/www/projects.mydomain.tld/config.ru:1:in `<main>'
from /usr/lib/ruby/vendor_ruby/rack/adapter/loader.rb:36:in `eval'
from /usr/lib/ruby/vendor_ruby/rack/adapter/loader.rb:36:in `load'
from /usr/lib/ruby/vendor_ruby/rack/adapter/loader.rb:45:in `for'
from /usr/lib/ruby/vendor_ruby/thin/controllers/controller.rb:169:in `load_adapter'
from /usr/lib/ruby/vendor_ruby/thin/controllers/controller.rb:73:in `start'
from /usr/lib/ruby/vendor_ruby/thin/runner.rb:185:in `run_command'
from /usr/lib/ruby/vendor_ruby/thin/runner.rb:151:in `run!'
from /usr/bin/thin:6:in `<main>'
我不明白是什么导致了这个错误。 /var/run/thin/ 中的 .pid 文件归 root 所有。我试图将所有权授予 redmine 和 thin,但得到了同样的错误(无论如何,这些文件都是在重新启动 thin 时重新创建的)。
我用 rbenv 安装了 Ruby。我 运行 bundle install 作为 root 提示这样做 will break this application for all non-root users on this machine。根据 this answer 这应该不是问题,对吗?
编辑: 如果我在 /etc/thin2.1/redmine.yml 中将用户和组设置为 root,权限被拒绝的错误就会消失。我虽然它导致了另一个错误,但那个错误仍然存在。
对于unlink文件权限处理实际上需要权限来写入该文件的目录。
因此要么授予 redmine 写 /var/run/thin/ 的权限,要么将 pids 和套接字放在其他地方 - 通常在应用程序的共享 tmp 中,rails 甚至为这些创建目录。