nginx-0.4.1
Igor Sysoev
is at rambler-co.ru
Thu Sep 14 18:59:44 MSD 2006
On Thu, 14 Sep 2006, Francois Simond wrote:
> Igor Sysoev a ?crit :
>> On Thu, 14 Sep 2006, Francois Simond wrote:
>>
>>> Igor Sysoev a ?crit :
>>>> Changes with nginx 0.4.1 14 Sep
>>>> 2006
>>> Hello to the list, this is my first post here !
>>>
>>> I have a problem with files not owned by the running nginx process uid :
>>>
>>> With the default setup that comes with make install :
>>>
>>> http://localhost/ gives a 500 error:
>>> in the log file:
>>>
>>> 2006/09/14 16:18:11 [crit] 8958#0: *4 open()
>>> "/usr/local/nginx/html/50x.html" failed (1: Operation not permitted),
>>> client: 127.0.0.1, server: localhost,
>>> URL: "/index.html", host: "localhost"
>>>
>>>
>>> If i chown nobody: -R html/ , 200 OK it works.
>>
>> What does "ls -l html/" show ?
> # ls -al /usr/local/nginx/html/
> total 16
> drwxr-xr-x 2 root root 4096 2006-09-14 16:36 .
> drwxr-xr-x 6 root root 4096 2006-09-14 16:36 ..
> -rw-r--r-- 1 root root 383 2006-09-14 16:36 50x.html
> -rw-r--r-- 1 root root 151 2006-09-14 16:36 index.html
>
>
> # ps axu | grep nginx
> root 9505 0.0 0.0 11008 460 ? Ss 16:37 0:00 nginx:
> master process ./sbin/nginx
> nobody 9506 0.0 0.0 11360 1000 ? S 16:37 0:00 nginx:
> worker process
>
> # su - nobody cat /usr/local/nginx/html/index.html
> No directory, logging in with HOME=/
> <html>
> <head>
> <title>Welcome to nginx!</title>
> </head>
> <body bgcolor="white" text="black">
> <center><h1>Welcome to nginx!</h1></center>
> </body>
> </html>
>
> Error 500 for the client, and in the log :
> 2006/09/14 16:38:15 [crit] 9506#0: *1 open() "/usr/local/nginx/html/50x.html"
> failed (1: Operation not permitted), client: 127.0.0.1, server: localhost,
> URL: "/", host: "localhost"
>
>
>>
>> You can override the use or/and group in nginx.conf:
>>
>> user USER;
>> user USER GROUP;
> there is something strange if i set in conf :
> user nobody;
>
> # ./sbin/nginx
> 2006/09/14 16:41:23 [emerg] 9622#0: getgrnam("nobody") failed in
> /usr/local/nginx/conf/nginx.conf:2
>
> beside that :
>
> # id nobody
> uid=65534(nobody) gid=65534(nogroup) groups=65534(nogroup)
>
> something is different from the 0.4.0, i just re-check and with the same conf
> and permissions it respond 200 OK.
>
> Something about the new O_NOATIME ?
Yes, to use O_NOATIME process must have the CAP_FOWNER capability:
http://www.die.net/doc/linux/man/man7/capabilities.7.html
It's seems that O_NOATIME should be backed out. Here is the patch.
Igor Sysoev
http://sysoev.ru/en/
-------------- next part --------------
--- src/http/modules/ngx_http_index_module.c
+++ src/http/modules/ngx_http_index_module.c
@@ -239,8 +239,7 @@
return NGX_HTTP_INTERNAL_SERVER_ERROR;
}
- fd = ngx_open_file(ctx->path.data, NGX_FILE_RDONLY|NGX_FILE_NOATIME,
- NGX_FILE_OPEN);
+ fd = ngx_open_file(ctx->path.data, NGX_FILE_RDONLY, NGX_FILE_OPEN);
if (fd == (ngx_fd_t) NGX_AGAIN) {
ctx->current = i;
--- src/http/modules/ngx_http_static_module.c
+++ src/http/modules/ngx_http_static_module.c
@@ -125,8 +125,7 @@
return NGX_HTTP_INTERNAL_SERVER_ERROR;
}
- fd = ngx_open_file(path.data, NGX_FILE_RDONLY|NGX_FILE_NOATIME,
- NGX_FILE_OPEN);
+ fd = ngx_open_file(path.data, NGX_FILE_RDONLY, NGX_FILE_OPEN);
if (fd == NGX_INVALID_FILE) {
err = ngx_errno;
--- src/os/unix/ngx_files.h
+++ src/os/unix/ngx_files.h
@@ -28,11 +28,6 @@
#define NGX_FILE_TRUNCATE O_TRUNC
#define NGX_FILE_APPEND O_APPEND
-#ifdef O_NOATIME
-#define NGX_FILE_NOATIME O_NOATIME
-#else
-#define NGX_FILE_NOATIME 0
-#endif
#define ngx_close_file close
#define ngx_close_file_n "close()"
More information about the nginx
mailing list