Start nginx worker process with same user as master process

Francis Daly francis at daoine.org
Tue Sep 20 19:58:50 UTC 2016 

On Tue, Sep 20, 2016 at 06:48:41AM -0400, Sushma wrote:

Hi there,

There are a few different things that I think you may be conflating here.

> When nginx is installed (checking with -V option), I see that the user
> specified is "nginx" user.

By that, I think you mean that the compile-time default for the "user"
directive is "nginx"? So if you do not have an explicit "user" directive,
"user nginx" will be assumed in the nginx.conf.

> However my master and worker process are run as a different user (non root
> user). 

That is the way you want it to be, yes?

If you start nginx (master) as a non-root user, it will not change user
before starting the worker processes.

> In this case I see that many of the directories in nginx are owned by nginx
> user. (probably bcos it was installed as nginx?).

The file ownership is independent of the user running the process.

The only thing that matters is that the user running the process is able
to read and write the files that it needs to read and write.

If you need to change things there, change them outside of the nginx
process.

> Is there a way to mention that  I need this new user. 

How do you start the nginx process?

Whatever that method is, do it as the user that you want to run
everything as.

> nginx: [warn] the "user" directive makes sense only if the
> master process runs with super-user privileges, ignored in
> /usr/local/nginx/conf/nginx.conf:6
> Wth this , it looks like I cant change the user directive in nginx.conf file
> since it does not have any effect.

Correct; a normal user is not able to switch to become a new user.

If you want to run nginx master-and-worker as user abc, become user abc
and then run nginx.

If nginx running as user abc is not able to read or write files
or directories that you want it to, change the ownership of or the
permissions on those files-or-directories, ideally before you run nginx.

Is there a specific thing that you want to do, that you are unable to?

Good luck with it,

	f
-- 
Francis Daly        francis at daoine.org

More information about the nginx mailing list