Why "user" directive is not effective for master process?

Maxim Dounin mdounin at mdounin.ru
Thu Dec 16 06:26:55 MSK 2010


On Wed, Dec 15, 2010 at 09:12:53PM -0500, speedfirst wrote:

> When I set "user user1;" in config and use sudo to start nginx, all
> worker processes are owned by "user1", only master process are owned by
> "root". With these, I can't create a Linux account with proper
> permission setting for only nginx.

Master process needs root to (re)open listening sockets on 
priveleged ports, upgrade binary and so on.

If you want master to be non-root you are free to start it as 
normal user.  Though you may need some OS tuning to allow it to bind 
to privileged ports in this case (not sure if Linux will be able 
to do this securely).

Maxim Dounin

More information about the nginx mailing list