我是AWS和Linux的新手,正在查看expressJS文档,其中建议将ExpressJS服务器的root用户删除给具有最低权限的普通用户。
http.createServer(app).listen(app.get('port'), function(){
console.log("Express server listening on port " + app.get('port'));
process.setgid(config.gid);
process.setuid(config.uid);
});
来源:https://blog.liftsecurity.io/2012/12/07/writing-secure-express-js-apps
我创建了一个AWS ElasticBand Linux服务器,部署了我的代码并通过SSH登录并通过
创建了一个组和用户sudo groupadd testGroup
sudo useradd -g testGroup testUser
我运行 id -a testUser 并获取用户和组值uid = 502(testUser)gid = 502(testGroup)groups = 502(testGroup)并将它们分配给main.js ,日志显示以下错误
http.createServer(app).listen(app.get('port'), function(){
console.log("Express server listening on port " + app.get('port'));
process.setgid(502);
process.setuid(502);
});
/var/app/current/main.js:182
process.setgid(502);
^
Error: EPERM, Operation not permitted
at Error (native)
at Server.<anonymous> (/var/app/current/main.js:182:17)
at Server.g (events.js:260:16)
at emitNone (events.js:67:13)
at Server.emit (events.js:166:7)
at emitListeningNT (net.js:1263:10)
at nextTickCallbackWith1Arg (node.js:430:9)
at process._tickCallback (node.js:352:17)
at Function.Module.runMain (module.js:444:11)
at startup (node.js:136:18)
我尝试输入用户名和组名,并收到相同的错误消息。
这里有什么想法吗?