2

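I am running a web server with nginx, and then using gunicorn to run a Django application with Celery. All the gunicorn processes and Celery workers are managed by Supervisor. My question is, what are the best practices for setting permissions for each process in the stack?

Currently I'm basically following the default settings, and I'm pretty sure there are some insecure parts here:

  1. The Nginx master process is root, and the worker processes run as www-data
  2. Supervisor runs as root
  3. Gunicorn runs as root (I tried setting it to another user, but the process failed to start)
  4. PostgreSQL and RabbitMQ run as their own users (postgres and rabbitmq)
  5. I haven't set up Celery yet, but their documentation says not to run it as root

Which permissions can be tightened, and which files must I make sure they can access in order to work?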

4

1 Answer

6

Supervisor will need to be root to start the other processes (like Nginx) with root privileges. That should be fine because Supervisor shouldn't interact directly with external users or accept user input.

Gunicorn should be able to run without privileges; you may have to change the owner of the Unix domain socket it's using to be www-data instead of root.

Generally in web server scenarios you need root privileges to access files and open sockets on ports below 1024. If your server can't access files, you should change their permissions rather than run with privileges. You'll generally need privileges to open up port 80 or 443 which is why modern web servers start as root, bind to their port and then shed privileges to their running user of www-data or nobody.

In terms of other things you should consider, here's a quick list:

  • Ensure your database queries are resistant to SQL injection
  • Ensure your document root is well defined and you're not serving up more files than you intend.
  • Minimize privileges your database accounts have (they probably don't need table drop and create, for example)
  • Avoid any places in code where you're taking user input and executing or evaluating it
answered 2013-06-11T20:45:33.677
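The Supervisor setup discussed in the answer, as an added example that is not part of the original post: a small check that reads a supervisord.conf and lists the programs that would still run as root. The sample configuration, its paths and the `myproject` module name are constructed for illustration, and the check assumes supervisord itself runs as root, as in the question.

```python
import configparser

# Constructed sample supervisord.conf (paths, program names and the
# "myproject" module are assumptions for illustration).
SAMPLE_CONF = """
[supervisord]
logfile=/var/log/supervisor/supervisord.log

[program:gunicorn_default]
command=/srv/app/venv/bin/gunicorn myproject.wsgi --bind unix:/run/gunicorn/app.sock
directory=/srv/app

[program:gunicorn_unprivileged]
command=/srv/app/venv/bin/gunicorn myproject.wsgi --bind unix:/run/gunicorn/app.sock
directory=/srv/app
user=www-data          ; supervisord (root) switches to this user before exec

[program:celery_worker]
command=/srv/app/venv/bin/celery -A myproject worker
directory=/srv/app
user=root
"""


def programs_running_as_root(conf_text):
    """Return names of [program:x] sections that would run with root privileges.

    With supervisord running as root, a program without a user= option
    inherits root, so a missing value is treated the same as user=root.
    """
    parser = configparser.ConfigParser(
        interpolation=None,              # Supervisor has its own %(name)s expansions
        inline_comment_prefixes=(";",),  # Supervisor allows "value ; comment"
    )
    parser.read_string(conf_text)
    flagged = []
    for section in parser.sections():
        if not section.startswith("program:"):
            continue
        user = parser.get(section, "user", fallback="").strip()
        if user in ("", "root"):
            flagged.append(section.split(":", 1)[1])
    return flagged


if __name__ == "__main__":
    for name in programs_running_as_root(SAMPLE_CONF):
        print(f"{name}: runs as root; set user= to an unprivileged account")
```

For a program moved to `user=www-data`, the directory holding the Unix socket and the application files must be readable (and, for the socket directory, writable) by that account, which is the file-permission change the answer recommends over running with privileges.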