Nginx does not re-open log files on SIGUSR1.
jabberuser at gmail.com
Mon Jan 3 17:43:04 MSK 2011
On 01/03/2011 03:25 PM, Piotr Sikora wrote:
>> Any reason to?
> Yes, user requires "+x" permission to the directory in order to be able
> to open any file(s) inside it. Google/Bing/whatever for "unix
> permissions", this is as simple as it gets.
This is what I mean by 'exec will allow only chdir there'. With X you
can access dir content and depends on files rights, you can read them
etc. Mental shortcut.
>> Nginx works for me flawless on each box with 700 root:root on
>> /var/log/nginx, the only problem I found is SIGUSR1, Whatever you
>> agree with me or not, nginx shoudn't need perms on its logs dir,
>> because it will allow users to use symlink to fetch logs.
> This is because:
> - on start and reload - master process opens log files before fork() and
> worker processes only inherit them,
> - on reopen - all processes need to open logs, so workers also need
> permission to open log files.
Well ok, I understand [now] why it is needed (perms that is). However
security issue still remains which in my opinion should be addressed as
bug and fixed, can you agree with me?
More information about the nginx