Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adding warning message when running APISIX in root path #1201

Closed
wants to merge 4 commits into from
Closed

Adding warning message when running APISIX in root path #1201

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
c84d798
Adding warning message when running APISIX in root path
sshniro Mar 4, 2020
c17e0c2
Adding the root user to nginx.conf file
sshniro Mar 7, 2020
916de0c
Adding is_root_path to template
sshniro Mar 7, 2020
9bb610b
Reverting deleted empty line
sshniro Mar 7, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 15 additions & 1 deletion bin/apisix
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,13 +43,18 @@ local pkg_path = apisix_home .. "/deps/share/lua/5.1/apisix/lua/?.lua;"
.. apisix_home .. "/deps/share/lua/5.1/?.lua;;"

-- only for developer, use current folder as working space
local is_root_path
local script_path = arg[0]
if script_path:sub(1, 2) == './' then
apisix_home = trim(excute_cmd("pwd"))
if not apisix_home then
error("failed to fetch current path")
end

if string.match(apisix_home, '^/[root][^/]+') then
is_root_path = true
end

pkg_cpath = apisix_home .. "/deps/lib64/lua/5.1/?.so;"
.. apisix_home .. "/deps/lib/lua/5.1/?.so;"
pkg_path = apisix_home .. "/lua/?.lua;"
Expand Down Expand Up @@ -82,7 +87,9 @@ local ngx_tpl = [=[
# This is a read-only file, do not try to modify it.

master_process on;

{% if is_root_path then %}
user root;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Using root as the user is dangerous and is likely to be exploited by hackers

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oh okays, but it won't start when in root dir rite?, I guess from the previous message I understood to allow the user to start but only print warnings?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, you are right:)
IMO, We can print warnings, but we don't need to deal with the permission problem, and we don't need to be compatible with the situation of using root to start Apache APISIX.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

okay, then ill remove the root user configs, and only settle to printing warnings.

{% end %}
worker_processes {* worker_processes *};
{% if os_name == "Linux" then %}
worker_cpu_affinity auto;
Expand Down Expand Up @@ -576,6 +583,12 @@ version: print the version of apisix
end

local function init()

if is_root_path then
print('Warning! Running apisix under /root is only suitable for development environments'
.. ' and it is dangerous to do so. It is recommended to run APISIX in a directory other than /root.')
end

-- read_yaml_conf
local yaml_conf, err = read_yaml_conf()
if not yaml_conf then
Expand All @@ -600,6 +613,7 @@ local function init()
apisix_lua_home = apisix_home,
with_module_status = with_module_status,
error_log = {level = "warn"},
is_root_path = is_root_path
}

if not yaml_conf.apisix then
Expand Down