Weird privilege errors on Ubuntu 20.04

Sergey A. Osokin osa at freebsd.org.ru
Tue Jun 8 23:01:05 UTC 2021


Looks good to me.

I'd like to request more files: 
- /etc/systemd/system/nginx.service.d/override.conf
- /usr/lib/systemd/system/nginx.service
- /etc/nginx/nginx.conf

Thanks.

On Tue, Jun 08, 2021 at 06:02:29PM -0400, hgv wrote:
> Yes, certainly.
> 
> drwxr-xr-x root root /etc
> drwxr-xr-x root root /etc/ssl
> drwxr-x--- root ssl-cert /etc/ssl/private
> 
> 
> Sergey A. Osokin Wrote:
> -------------------------------------------------------
> > Hi,
> > 
> > Could you check and show permissions on /etc/ssl/private, /etc/ssl,
> > and /etc directories.
> > 
> > Thanks.
> > 
> > -- 
> > Sergey
> > 
> > On Tue, Jun 08, 2021 at 03:57:59PM -0400, hgv wrote:
> > > Hi Sergey,
> > > 
> > > Adding www-data user to ssl-cert group doesn't help.
> > > 
> > > root@k2# usermod -a -G ssl-cert www-data
> > > 
> > > root@k2# getent group ssl-cert
> > > ssl-cert:x:112:postgres,www-data
> > > 
> > > 
> > > Sergey A. Osokin Wrote:
> > > -------------------------------------------------------
> > > > Hi there,
> > > > 
> > > > hope you're doing well.
> > > > 
> > > > On Tue, Jun 08, 2021 at 11:46:32AM -0700, Palvelin Postmaster wrote:
> > > > > I wonder what can cause these weird error log entries? The log
> > > > > entries indicate a PID which doesn’t exist. Does nginx launch some
> > > > > temporary process when it starts?
> > > > > 
> > > > > Nginx 1.21.0 on Ubuntu 20.04.
> > > > > 
> > > > > root@k2:~# systemctl restart nginx
> > > > > 
> > > > > root@k2:~# tail /var/log/nginx/error.log
> > > > > 2021/06/08 21:25:32 [warn] 1287733#1287733: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:21
> > > > > 2021/06/08 21:25:32 [emerg] 1287733#1287733: cannot load certificate key "/etc/ssl/private/nginx-selfsigned.key": BIO_new_file() failed (SSL: error:0200100D:system library:fopen:Permission denied:fopen('/etc/ssl/private/nginx-selfsigned.key','r') error:2006D002:BIO routines:BIO_new_file:system lib)
> > > > 
> > > > Seems like an attempt to start nginx without root privileges.
> > > > 
> > > > > root@k2:~# ls -lh /etc/ssl/private/ |grep selfsigned
> > > > > -rw-r----- 1 root ssl-cert 1.7K Jul  8 17:12 nginx-selfsigned.key
> > > > > 
> > > > > root@k2:~# cat /etc/nginx/nginx.conf |grep ^user
> > > > > user www-data;
> > > > > 
> > > > > root@k2:~# ps -auxw |grep nginx
> > > > > root     1287600  0.0  0.0  56148  6504 ?        Ss   21:25   0:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
> > > > > www-data 1287601  0.7  0.1  58544 15652 ?        S    21:25   0:05 nginx: worker process
> > > > > www-data 1287602  0.0  0.1  57556 13696 ?        S    21:25   0:00 nginx: worker process
> > > > > www-data 1287603  0.0  0.1  56392  9184 ?        S    21:25   0:00 nginx: cache manager process
> > > > 
> > > > Could you check `www-data' user permission, and add, if necessary,
> > > > to the `ssl-cert' group.
> > > > 
> > > > -- 
> > > > Sergey Osokin
> > > > _______________________________________________
> > > > nginx mailing list
> > > > nginx at nginx.org
> > > > http://mailman.nginx.org/mailman/listinfo/nginx
> > > 
> > > Posted at Nginx Forum: https://forum.nginx.org/read.php?2,291799,291801#msg-291801
> > > 
> 
> Posted at Nginx Forum: https://forum.nginx.org/read.php?2,291799,291803#msg-291803
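The checks made by hand in this thread (mode bits on /etc, /etc/ssl, /etc/ssl/private and the key file, plus group membership) can be combined into one walk over the path. The script below is an added example, not something posted by anyone in the thread; the function name `first_denied` and its arguments are hypothetical, and it assumes GNU stat and plain owner/group/other mode bits.

```shell
#!/bin/sh
# Added example (not from the thread). Models classic owner/group/other mode
# bits only; ACLs, AppArmor and systemd sandboxing are not considered.
# Requires GNU stat (coreutils), as shipped on Ubuntu.

# first_denied UID "GID ..." PATH   (hypothetical helper)
# Prints the first component the identity cannot traverse (directory, x bit)
# or read (final file, r bit) and returns 1; prints nothing and returns 0
# when every component is accessible.
first_denied() {
    uid=$1 gids=$2 path=$3
    [ "$uid" -eq 0 ] && return 0            # root bypasses mode bits
    case $path in /*) cur=/ ;; *) cur= ;; esac
    old_ifs=$IFS; IFS=/; set -f
    set -- $path                            # split the path on "/"
    set +f; IFS=$old_ifs
    for part in "$@"; do
        [ -n "$part" ] || continue
        cur=${cur}${part}
        info=$(stat -L -c '%u %g %a' "$cur" 2>/dev/null) || { echo "$cur"; return 1; }
        owner=${info%% *}; rest=${info#* }
        group=${rest%% *}; mode=$((0${rest#* }))   # %a prints octal
        if [ -d "$cur" ]; then need=1; else need=4; fi
        if [ "$uid" -eq "$owner" ]; then shift_by=6
        else
            case " $gids " in
                *" $group "*) shift_by=3 ;;  # identity is in the owning group
                *) shift_by=0 ;;             # falls through to "other" bits
            esac
        fi
        if [ $(( (mode >> shift_by) & need )) -eq 0 ]; then
            echo "$cur"; return 1
        fi
        cur=$cur/
    done
    return 0
}

# Usage (as root): sh script.sh www-data /etc/ssl/private/nginx-selfsigned.key
if [ $# -eq 2 ]; then
    first_denied "$(id -u "$1")" "$(id -G "$1")" "$2" && echo "ok: $1 can read $2"
fi
```

`id -G` reads the group database, so the result describes what a newly started process for that user would get, not the groups of a process that is already running.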
