建议安装时初始化 log 配置及预创建日志文件(nobody) #38
Comments
|
另一个解决方案:切换回 root。v2ray 不是木马,也无法通过 v2ray 上传木马,似乎没有用 nobody 的必要性。 由于 VLESS,直接使用证书文件的场景也越来越多了,相关讨论:v2ray/v2ray-core#2328 |
|
https://www.v2fly.org/guide/install.html#linux-%E5%AE%89%E8%A3%85%E8%84%9A%E6%9C%AC go.sh 相关内容已被移除,这里需要补充更多关于新脚本的说明,比如全新安装和目录说明。 |
ghost
pushed a commit
that referenced
this issue
Aug 14, 2020
1. It seems that someone will run V2Ray directly through commands instead of systemd first, which will cause wrong Log file permissions and affect subsequent systemd operations. issue #38
ghost
mentioned this issue
这个判断在我看来是没有道理的,通过诸如缓冲区溢出等方式,可能可以通过以 root 身份执行的 v2ray 进程实现特权提升。在绝大多数场景下最小权限原则都是适用的。 |
绝大多数 Go 程序不会有这样的漏洞。 |
|
對應該項目,我假定的前提是: 用者應當知道自己想要什麼,也明白自己在做什麼,並且會為自己的行為負責。 所以用者有需求的話,可以自行修改單元文檔,但考慮到一些用者未必有此經驗,我會著手補充一下 Wiki。 |
ghost
pushed a commit
that referenced
this issue
Aug 15, 2020
1. Migrate from the old script to this. 2. Move .dat files from lib directory to share directory. 3. To use the VLESS protocol. issue #38
This was referenced Aug 15, 2020
RPRX
added a commit
to v2fly/v2fly-github-io
that referenced
this issue
Aug 15, 2020
* fix: Contents of the new script 1. Correction of the content of the fhs-install-v2ray project. 2. Add the contents of the golang-v2ray-core package of the Debian operating system. issue v2fly/fhs-install-v2ray#38 * Update install.md Co-authored-by: RPRX <63339210+rprx@users.noreply.github.com>
|
刚刚踩了这个坑,附上解决方案: |
This issue was closed.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
另一个建议:运行脚本时若检测到 /var/log/v2ray/ 目录下已有文件,则更改全部文件所属的用户和组。
因 nobody 对日志文件的权限不够而导致 v2ray 无法启动是一个很常见又隐蔽的坑,若非更换脚本,则通常是因为用户先用更高的权限手动测试时先创建了日志文件。这两个建议可以在很大程度上降低这个问题的出现概率。
The text was updated successfully, but these errors were encountered: