ShellShock

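Target:

Programs that call something like setuid(geteuid())

Requirements:

bash below 4.1

Principle:

When bash starts, it reads its environment variables and loads any function definitions stored in them; while doing so, it also executes the statements that follow the function definition.

export foo='() { :; }; echo hello bash'

# Guess: at that point getuid may have returned the UID of the file's owner, i.e. 0, so setuid obtained root privileges

Current status

geteuid() and getuid() differ by a single letter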
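The import behaviour described under "Principle" can be checked from the defender's side. The script below is an added example, not part of the original post: it reports whether a given bash binary executes a command that trails a function definition in an environment variable. The function names, the variable name probe and the marker string are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): report whether a bash binary
# executes commands that trail a function definition in an environment variable.

# shellshock_status BASH_PATH -> prints "vulnerable", "patched" or "missing"
shellshock_status() {
    bash_bin=$1
    [ -x "$bash_bin" ] || { echo missing; return 2; }
    marker="shellshock_marker_$$"   # constructed, harmless marker string
    # Same shape as the export line above: a definition, then a trailing echo.
    # env -i hands the child nothing but the probe variable (assumed name).
    out=$(env -i probe="() { :; }; echo $marker" "$bash_bin" -c ':' 2>/dev/null) || true
    case $out in
        *"$marker"*) echo vulnerable; return 1 ;;
        *)           echo patched;    return 0 ;;
    esac
}

# scan_shells [LIST] -> checks every */bash entry of a shells file
# (default /etc/shells); returns 1 if any entry is vulnerable.
scan_shells() {
    list=${1:-/etc/shells}
    rc=0
    while IFS= read -r entry; do
        case $entry in
            */bash)
                result=$(shellshock_status "$entry") || true
                [ "$result" = vulnerable ] && rc=1
                printf '%s: %s\n' "$entry" "$result"
                ;;
        esac
    done < "$list"
    return $rc
}

if [ "${1:-}" = "--scan" ]; then
    scan_shells
fi
```

Run it with --scan to check the bash entries of /etc/shells, or call shellshock_status with the path of a bash copy bundled inside an image or chroot.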

Fixing OpenProject

Roughly speaking, this is what it looks like @OpenProject Community

2016-11-20 17:08:23,386 CRIT Supervisor running as root (no user in config file)
2016-11-20 17:08:23,386 WARN Included extra file "/etc/supervisor/conf.d/supervisord.conf" during parsing
2016-11-20 17:08:23,420 INFO RPC interface 'supervisor' initialized
2016-11-20 17:08:23,420 CRIT Server 'unix_http_server' running without any HTTP authentication checking
2016-11-20 17:08:23,421 INFO supervisord started with pid 1
2016-11-20 17:08:24,424 INFO spawned: 'postgres' with pid 88
2016-11-20 17:08:24,426 INFO spawned: 'apache2' with pid 89
2016-11-20 17:08:24,429 INFO spawned: 'web' with pid 90
2016-11-20 17:08:24,433 INFO spawned: 'worker' with pid 91
2016-11-20 17:08:24,436 INFO spawned: 'postfix' with pid 92
2016-11-20 17:08:24,439 INFO spawned: 'cron' with pid 93
2016-11-20 17:08:24,441 INFO spawned: 'memcached' with pid 94
2016-11-20 17:08:24,462 INFO success: postfix entered RUNNING state, process has stayed up for > than 0 seconds (startsecs)
2016-11-20 17:08:24,586 INFO exited: apache2 (exit status 0; not expected)
2016-11-20 17:08:24,875 INFO exited: postfix (exit status 0; expected)
2016-11-20 17:08:25,877 INFO success: postgres entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-11-20 17:08:25,880 INFO spawned: 'apache2' with pid 200
2016-11-20 17:08:25,880 INFO success: web entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-11-20 17:08:25,881 INFO success: worker entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-11-20 17:08:25,881 INFO success: cron entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-11-20 17:08:25,881 INFO success: memcached entered RUNNING state, process has stayed up for > than 1 seconds (startsecs)
2016-11-20 17:08:25,957 INFO exited: apache2 (exit status 0; not expected)
2016-11-20 17:08:28,092 INFO spawned: 'apache2' with pid 261
2016-11-20 17:08:28,181 INFO exited: apache2 (exit status 0; not expected)
2016-11-20 17:08:31,200 INFO spawned: 'apache2' with pid 266
2016-11-20 17:08:31,276 INFO exited: apache2 (exit status 0; not expected)
2016-11-20 17:08:31,921 INFO gave up: apache2 entered FATAL state, too many start retries too quickly

Put simply, the apache service failed to come up. Adding the --restart always option when creating the docker container makes every start of the container behave like a restart, which reduces the chance of hitting the apache startup conflict.

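Commemorating building sites with docker

First of all: docker really is a great thing that changes human productivity. Docker is awesome!

I had been thinking about setting up my own server for a long time, and today is the first time I successfully deployed three sites on a single server (ThinkPad X1C 2014). It runs quite smoothly. Below is a brief description of the process.

Database: mysql (on the host)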


sudo apt-get update && sudo apt-get install mysql-server

Blog: WordPress

docker run -itd --name wordpress \
-v /opt/wordpress/html:/var/www/html \
-p 12080:80 \
wordpress

Project management software: OpenProject

docker run -itd --name openproject \
-v /opt/openproject/pgdata:/var/lib/postgresql/9.6/main \
-v /opt/openproject/logs:/var/log/supervisor \
-v /opt/openproject/static:/var/db/openproject \
-p 10080:80 \
openproject/community

Version control software: GitLab

docker run -itd --name gitlab \
--hostname gitlab.endercaster.lan \
-v /opt/gitlab/config:/etc/gitlab \
-v /opt/gitlab/logs:/var/log/gitlab \
-v /opt/gitlab/data:/var/opt/gitlab \
-p 11080:80 \
-p 11022:22 \
-p 11443:443 \
gitlab/gitlab-ce

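Actually, binding ports is not necessary here: docker run --ip can assign a fixed IP (provided you use a self-created bridge made with docker network create).

That is still not everything: inside wordpress you also have to configure apache's ServerName, otherwise the site cannot be reached.

Reverse proxy: nginx

This one is installed on the host, listens on port 80 and forwards requests according to the host. I originally used Apache, but after a long time configuring it I still could not get it to work. After some reading, nginx's reverse-proxy configuration turned out to be comparatively simple and quick, so I switched to nginx.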