This is an automated email from the ASF dual-hosted git repository.
spacewander pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/apisix.git
The following commit(s) were added to refs/heads/master by this push:
new a815391 fix: APISIX runs in the `/root` directory and reports errors
(#3220)
a815391 is described below
commit a8153917ffd0b32d6b29c938a2485b48c1e7a071
Author: Yuelin Zheng <[email protected]>
AuthorDate: Tue Jan 19 12:01:07 2021 +0800
fix: APISIX runs in the `/root` directory and reports errors (#3220)
---
.travis/apisix_cli_test/test_main.sh | 22 +++++++++++++++++++++-
Makefile | 7 +++----
apisix/cli/env.lua | 2 ++
apisix/cli/ops.lua | 7 +++++++
4 files changed, 33 insertions(+), 5 deletions(-)
diff --git a/.travis/apisix_cli_test/test_main.sh
b/.travis/apisix_cli_test/test_main.sh
index 5983f95..2c3f3c2 100755
--- a/.travis/apisix_cli_test/test_main.sh
+++ b/.travis/apisix_cli_test/test_main.sh
@@ -863,6 +863,27 @@ fi
echo "pass: uninitialized variable not found during writing access log
(port_admin set)"
+# It is forbidden to run apisix under the "/root" directory.
+git checkout conf/config.yaml
+
+mkdir /root/apisix
+
+cp -r ./* /root/apisix
+cd /root/apisix
+make init
+
+out=$(make run 2>&1 || true)
+if ! echo "$out" | grep "Error: It is forbidden to run APISIX in the /root
directory"; then
+ echo "failed: should echo It is forbidden to run APISIX in the /root
directory"
+ exit 1
+fi
+
+cd -
+
+echo "passed: successfully prohibit APISIX from running in the /root directory"
+
+rm -rf /root/apisix
+
# check etcd while enable auth
git checkout conf/config.yaml
@@ -992,4 +1013,3 @@ echo "passed: show password error successfully"
etcdctl --endpoints=127.0.0.1:2379 --user=root:apache-api6 auth disable
etcdctl --endpoints=127.0.0.1:2379 role delete root
etcdctl --endpoints=127.0.0.1:2379 user delete root
-
diff --git a/Makefile b/Makefile
index 10e54d3..e9d7d0b 100644
--- a/Makefile
+++ b/Makefile
@@ -88,11 +88,10 @@ init: default
### run: Start the apisix server
.PHONY: run
run: default
-ifeq ("$(wildcard logs/nginx.pid)", "")
- mkdir -p logs
- $(OR_EXEC) -p $$PWD/ -c $$PWD/conf/nginx.conf
-else
+ifneq ("$(wildcard logs/nginx.pid)", "")
@echo "APISIX is running..."
+else
+ ./bin/apisix start
endif
diff --git a/apisix/cli/env.lua b/apisix/cli/env.lua
index 2ca8c3e..0de10cb 100644
--- a/apisix/cli/env.lua
+++ b/apisix/cli/env.lua
@@ -37,6 +37,8 @@ return function (apisix_home, pkg_cpath_org, pkg_path_org)
error("failed to fetch current path")
end
+ -- determine whether the current path is under the "/root" folder.
+ -- "/root/" is the root folder flag.
if str_find(apisix_home .. "/", '/root/', nil, true) == 1 then
is_root_path = true
end
diff --git a/apisix/cli/ops.lua b/apisix/cli/ops.lua
index a0852e5..2980a07 100644
--- a/apisix/cli/ops.lua
+++ b/apisix/cli/ops.lua
@@ -375,6 +375,13 @@ end
local function start(env, ...)
+ -- Because the worker process started by apisix has "nobody" permission,
+ -- it cannot access the `/root` directory. Therefore, it is necessary to
+ -- prohibit APISIX from running in the /root directory.
+ if env.is_root_path then
+ util.die("Error: It is forbidden to run APISIX in the /root
directory.\n")
+ end
+
local cmd_logs = "mkdir -p " .. env.apisix_home .. "/logs"
util.execute_cmd(cmd_logs)
