linux - 部署web服务都不用root权限吗?
伊谢尔伦
伊谢尔伦 2017-04-17 11:28:37
0
5
1157

在开发服务器上,每个人都有一个开发服务器的帐号。但是因为没有root权限,yum之类的安装命令都不好用了。安装开发工具、类库全部要装载自己的home目录下,如果安装的时候依赖库很多,非常麻烦。

问了一下同事,给我的回答是,系统上线也是在非root用户下运行,所以开发的时候就不允许用root权限。请问大家都是这么做的吗?

伊谢尔伦
伊谢尔伦

小伙看你根骨奇佳,潜力无限,来学PHP伐。

reply all(5)
PHPzhong

When deployed to a production environment, you cannot use the highest permissions such as root. Everything is given the minimum permissions. In RedHat systems, there are also restrictions such as SELinux. The company should make you familiar with the corresponding environment. If you are not restricted from using the highest authority such as root, and you use yum update to upgrade system components, and you can install all the software you want into the system, other people's things may be messed up.

The system running in the production environment may already have many things running. Once the system things are changed, it will affect the original environment. Many things can be compiled statically and do not need to be limited to the environment of the server itself.

Although things like yum are convenient, they are not very helpful for demanding environments, so many things on Linux need to be compiled by yourself.

Nginx itself can add many third-party modules. If you are not used to the happy time of compilation under Linux, but rely on yum and apt, it may affect future development.

迷茫

This is too stingy.

The developer's identity on the production server is limited to updating the program code under strict logging and monitoring after the programming is completed, which is reasonable.

But at the same time, for the development work itself, it is also necessary to prepare a debugging server with a complete and accurate environment for developers, relatively loose permission control, and limited resources. Otherwise, you won’t be able to do the developer’s job.

Instead of using a software repository, you waste your energy on the useless labor of manually compiling modules. This pushes developers too far.

Don’t even want to separate the production server and the debugging server. This is a way to die. Such a waste of human and financial resources will never be worth the value of a mere debugging environment.

Supplement: If you insist on making the debugging server and the production server exactly the same, it would be too dogmatic. Debugging is debugging. It is very normal for permissions to be relaxed midway, new software to be temporarily introduced, or even wrong software to be installed and then deleted. As long as the programmer can accurately grasp the system requirements and dependency requirements of the code, there will be no problem.

左手右手慢动作

How to monitor port 80 without root privileges?

A bit ridiculous?

大家讲道理

No. When installing software, try to use it from the source. But I'm from Debian system, so I don't know what's going on with rpm.

Of course the service program does not require the root user. However, the service program should not use the developer's user identity, but should use a separate user for each service.

刘奇

I think your problem is not about whether the service needs root permissions, but about server management. A server administrator should be designated to uniformly manage operations such as installation and upgrade of services. Or give you su permissions, but there must be a set of specifications.

Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template