Permission denied problem - Passenger running as nobody
瀏覽次數:3,578 次
跳到第一則未讀訊息
Julian Kaffke
2014年3月28日 上午11:19:342014/3/28
收件者:passenge...@googlegroups.com
Hi guys,
My application.conf:
ll of my app-directory:
but with:
No wonder passenger doesn't start, if the app-user himself can't access a directory he owns.
I can't get my Rails App working in a Container.
$ tail-f/var/log/nginx/error.log
[ 2014-03-28 14:58:25.2173 103/7f3ec58db740 agents/Watchdog/Main.cpp:538 ]: Options: { 'analytics_log_user' => 'nobody', 'default_group' => 'nogroup', 'default_python' => 'python', 'default_ruby' => '/usr/bin/ruby', 'default_user' => 'nobody', 'log_level' => '0', 'max_pool_size' => '6', 'passenger_root' => '/usr/lib/ruby/vendor_ruby/phusion_passenger/locations.ini', 'passenger_version' => '4.0.37', 'pool_idle_time' => '300', 'temp_dir' => '/tmp', 'union_station_gateway_address' => 'gateway.unionstationapp.com', 'union_station_gateway_port' => '443', 'user_switching' => 'true', 'web_server_passenger_version' => '4.0.37', 'web_server_pid' => '83', 'web_server_type' => 'nginx', 'web_server_worker_gid' => '9999', 'web_server_worker_uid' => '9999' }[ 2014-03-28 14:58:25.2347 106/7f2f8c6ac740 agents/HelperAgent/Main.cpp:643 ]: PassengerHelperAgent online, listening at unix:/tmp/passenger.1.0.83/generation-0/request[ 2014-03-28 14:58:25.2605 112/7f2843960740 agents/LoggingAgent/Main.cpp:321 ]: PassengerLoggingAgent online, listening at unix:/tmp/passenger.1.0.83/generation-0/logging[ 2014-03-28 14:58:25.2612 103/7f3ec58db740 agents/Watchdog/Main.cpp:728 ]: All Phusion Passenger agents started!
2014/03/28 15:05:38 [alert] 121#0: *1 Cannot stat '/home/app/my_app/config.ru': Permission denied (errno=13); This error means that the Nginx worker process (PID 121, running as UID 9999) does not have permission to access this file. Please read the manual to learn how to fix this problem: section 'Troubleshooting' -> 'Upon accessing the web app, Nginx reports a "Permission denied" error'; Extra info, client: 172.17.42.1, server: localhost, request: "GET / HTTP/1.1", host: "localhost:49170"
Using this Dockerfile (exerpt):
FROM phusion/passenger-ruby21:latestMAINTAINER 'ma...@example.com'
# Enable NGINX RUN rm -f /etc/service/nginx/down
# Update and install needed librariesRUN apt-get update -y RUN apt-get install libpq-dev imagemagick libmagickwand-dev libsqlite3-dev -y
# Adding Application to containerADD my_app /home/app/my_app# Installing bundleRUN cd /home/app/my_app && bundle install
RUN chown app:app -R /home/app/my_appRUN chmod g+x,o+x -R /home/app/my_appRUN chmod g+x,o+x /home/appRUN chmod g+x,o+x /home
ADD application.conf /etc/nginx/sites-enabled/application.confADD nginx.conf /etc/nginx/nginx.conf
RUN rm -f /etc/nginx/sites-enabled/default
# Exposing internal port 80EXPOSE 80
# launching init script, which handles internal processesCMD ["/sbin/my_init"]In nginx.conf I set:
user app;
My application.conf:
server { listen 80; server_name localhost; root /home/app/my_app/public;
# The following deploys your Ruby/Python/Node.js/Meteor app on Passenger.
# Not familiar with Passenger, and used (G)Unicorn/Thin/Puma/pure Node before? # Yes, this is all you need to deploy on Passenger! All the reverse proxying, # socket setup, process management, etc are all taken care automatically for # you! Learn more at https://www.phusionpassenger.com/. passenger_enabled on; passenger_user app;
# If this is a Ruby app, specify a Ruby version: passenger_ruby /usr/bin/ruby2.1; # For Ruby 2.0 # passenger_ruby /usr/bin/ruby2.0; # For Ruby 1.9.3 (you can ignore the "1.9.1" suffix) #passenger_ruby /usr/bin/ruby1.9.1; # For Ruby 1.8.7 #passenger_ruby /usr/bin/ruby1.8;}after building and running the container, top gives me:
1 root 20 0 34980 6768 2840 S 0 0.1 0:00.14 my_init 77 root 20 0 192 32 12 S 0 0.0 0:00.02 runsvdir 78 root 20 0 18080 2028 1540 S 0 0.0 0:00.03 bash 79 root 20 0 168 4 0 S 0 0.0 0:00.00 runsv 80 root 20 0 168 4 0 S 0 0.0 0:00.00 runsv 81 root 20 0 168 4 0 S 0 0.0 0:00.00 runsv 82 root 20 0 168 4 0 S 0 0.0 0:00.00 runsv 83 root 20 0 110m 7448 5624 S 0 0.1 0:00.07 nginx 84 root 20 0 69180 3696 2816 S 0 0.0 0:00.03 syslog-ng 85 root 20 0 19120 1028 836 S 0 0.0 0:00.00 cron 88 root 20 0 50040 2916 2312 S 0 0.0 0:00.01 sshd 103 root 20 0 218m 2180 1896 S 0 0.0 0:00.00 PassengerWatchd 106 root 20 0 493m 2440 2176 S 0 0.0 0:00.03 PassengerHelper 112 nobody 20 0 232m 5004 3940 S 0 0.1 0:00.01 PassengerLoggin 121 app 20 0 110m 3604 1476 S 0 0.0 0:00.00 nginx 244 root 20 0 17212 1224 976 R 0 0.0 0:00.02 top
drwx--x--x 34 app app 4096 Mar 28 15:00 ./drwxr-xr-x 7 app app 4096 Mar 28 15:00 ../-rw---x--x 1 app app 466 Mar 24 10:06 .gitignore*-rw-r-xr-x 1 app app 14 Mar 24 10:06 .ruby-gemset*-rw-r-xr-x 1 app app 16 Mar 24 10:06 .ruby-version*-rw---x--x 1 app app 1863 Mar 28 09:36 Gemfile*-rw---x--x 1 app app 7625 Mar 28 09:37 Gemfile.lock*-rw---x--x 1 app app 478 Mar 24 10:06 README.rdoc*-rw---x--x 1 app app 257 Mar 24 10:06 Rakefile*drwx--x--x 23 app app 4096 Mar 28 13:47 app/drwx--x--x 2 app app 4096 Mar 28 13:47 bin/drwx--x--x 11 app app 4096 Mar 28 13:47 config/-rw---x--x 1 app app 154 Mar 24 10:06 config.ru*drwx--x--x 5 app app 4096 Mar 28 13:47 db/drwx--x--x 8 app app 4096 Mar 28 13:47 lib/drwx--x--x 2 app app 4096 Mar 28 15:00 log/drwx--x--x 5 app app 4096 Mar 28 13:47 public/drwx--x--x 20 app app 4096 Mar 28 13:47 test/drwxr-xr-x 16 app app 4096 Mar 28 15:01 tmp/drwx--x--x 5 app app 4096 Mar 28 13:47 vendor/but with:
$ su app
$ ll /home (okay)
$ ll /home/app (also okay)
$ ll /home/app/my_app (Permission denied)I'm to new to docker to know where a possible error is.
Can somebody tell me, what's going on?
Hongli Lai
2014年5月1日 下午4:04:332014/5/1
收件者:passenge...@googlegroups.com
It's because your /home/app directory itself is owned by root. You need to fix this in your dockerfile.
Sent from my Android phone.
--
You received this message because you are subscribed to the Google Groups "passenger-docker" group.
To unsubscribe from this group and stop receiving emails from it, send an email to passenger-dock...@googlegroups.com.
To post to this group, send email to passenge...@googlegroups.com.
Visit this group at http://groups.google.com/group/passenger-docker.
To view this discussion on the web visit https://groups.google.com/d/msgid/passenger-docker/0ae76f5f-4f68-4cc8-b9e3-363ac7b74106%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Pooja Karande
2017年3月31日 凌晨12:58:342017/3/31
收件者:passenger-docker、hon...@phusion.nl
My nginx and apps directory is both owned by root. There is only root user. How do I solve this permissions issue?
Travis Rowland
2017年3月31日 凌晨2:53:192017/3/31
收件者:passenger-docker、hon...@phusion.nl
I don't understand the issue. The internal docker user is root and if everything is owned by root there should be no permissions issue. Can you please provide some additional information and in a new thread? Thanks!
Jai Rajput
2017年7月12日 凌晨2:37:192017/7/12
收件者:passenger-docker
You need to relax permissions to that the Nginx worker process can access your application directory, by making the directory group- and world-executable:
sudo chmod g+x,o+x /root/myapp/public;
sudo chmod g+x,o+x /root/myapp;
sudo chmod g+x,o+x /root;
You can find solution from here as well:
https://stackoverflow.com/questions/28202371/nginx-worker-process-cant-access-config-ru/45049962#45049962
回覆所有人
回覆作者
轉寄
0 則新訊息