Possible nginx security enhancement

Michele Alzetta michele at alzetta.org
Thu Jul 28 17:59:14 UTC 2011

Hallo all,

I have been using nginx very satisfactorily for a few years by now.

Recently I noticed I was having problems with my sites, and finally traced
them back to an nginx problem.

I use nginx on a gentoo linux system, and when nginx is emerged the
necessary directories are created in /var/tmp:

nginx - client
      - fastcgi
      - proxy
      - scgi
      - uwsgi

What happens is that, if /var/tmp/nginx directory is missing, nginx will
not start at all. However, if subdirectories have been cancelled, nginx
will start normally, but sites won't work properly ( things like uploading
attachments for squirrelmail or changing theme preferences in drupal etc.
) In my case, the /var/tmp/nginx subdirectories had been cancelled (my

I appreciate the fact that nginx checks the conf file before starting or
restarting - helps avoiding a mess when you've edited a file and forgotten
an extra } somewhere.

Wouldn't it be good if it also checked for the proper directories to
exist? Or even created them if they didn't exist?

/var/tmp is a directory which may be cleaned up periodically to avoid
useless clutter and this sometimes leads to weird mistakes.

Just a suggestion.


More information about the nginx mailing list