<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 14pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);" class="elementToProof">
Hi,</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 14pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);" class="elementToProof">
<br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 14pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);" class="elementToProof">
Here you go.</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 14pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);" class="elementToProof">
<br>
</div>
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 14pt; color: rgb(0, 0, 0); background-color: rgb(255, 255, 255);" class="elementToProof ContentPasted0">
root@ph3dev:~ # nginx -V
<div class="ContentPasted0">nginx version: nginx/1.22.0</div>
<div class="ContentPasted0">built by gcc 7.3.0 (GCC)</div>
<div class="ContentPasted0">built with OpenSSL 1.0.2zg-fips 7 Feb 2023 (running with OpenSSL 1.0.2zg 7 Feb 2023)</div>
<div class="ContentPasted0">TLS SNI support enabled</div>
<div class="ContentPasted0">configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log
--add-module=njs-0.7.5/nginx --with-http_ssl_module --with-pcre --with-ipv6 --with-stream --with-http_auth_request_module --with-http_sub_module --with-http_stub_status_module --with-http_v2_module --user=nginx --group=nginx</div>
<div class="ContentPasted0"><br>
</div>
<div class="ContentPasted0"><br>
</div>
<div class="ContentPasted0">root@ph3dev:~ # nginx -T</div>
<div class="ContentPasted0">nginx: the configuration file /etc/nginx/nginx.conf syntax is ok</div>
<div class="ContentPasted0">nginx: configuration file /etc/nginx/nginx.conf test is successful</div>
<div class="ContentPasted0"># configuration file /etc/nginx/nginx.conf:</div>
<div><br class="ContentPasted0">
</div>
<div class="ContentPasted0">#user nobody;</div>
<div class="ContentPasted0">worker_processes 1;</div>
<div><br class="ContentPasted0">
</div>
<div class="ContentPasted0">#error_log logs/error.log;</div>
<div class="ContentPasted0">#error_log logs/error.log notice;</div>
<div class="ContentPasted0">#error_log logs/error.log info;</div>
<div><br class="ContentPasted0">
</div>
<div class="ContentPasted0">#pid logs/nginx.pid;</div>
<div><br class="ContentPasted0">
</div>
<div><br class="ContentPasted0">
</div>
<div class="ContentPasted0">events {</div>
<div class="ContentPasted0"> worker_connections 1024;</div>
<div class="ContentPasted0">}</div>
<div><br class="ContentPasted0">
</div>
<div><br class="ContentPasted0">
</div>
<div class="ContentPasted0">http {</div>
<div class="ContentPasted0"> include mime.types;</div>
<div class="ContentPasted0"> default_type application/octet-stream;</div>
<div><br class="ContentPasted0">
</div>
<div class="ContentPasted0"> #log_format main '$remote_addr - $remote_user [$time_local] "$request" '</div>
<div class="ContentPasted0"> # '$status $body_bytes_sent "$http_referer" '</div>
<div class="ContentPasted0"> # '"$http_user_agent" "$http_x_forwarded_for"';</div>
<div><br class="ContentPasted0">
</div>
<div class="ContentPasted0"> #access_log logs/access.log main;</div>
<div><br class="ContentPasted0">
</div>
<div class="ContentPasted0"> sendfile on;</div>
<div class="ContentPasted0"> #tcp_nopush on;</div>
<div><br class="ContentPasted0">
</div>
<div class="ContentPasted0"> #keepalive_timeout 0;</div>
<div class="ContentPasted0"> keepalive_timeout 65;</div>
<div><br class="ContentPasted0">
</div>
<div class="ContentPasted0"> #gzip on;</div>
<div><br class="ContentPasted0">
</div>
<div class="ContentPasted0"> server {</div>
<div class="ContentPasted0"> listen 80;</div>
<div class="ContentPasted0"> server_name localhost;</div>
<div><br class="ContentPasted0">
</div>
<div class="ContentPasted0"> #charset koi8-r;</div>
<div><br class="ContentPasted0">
</div>
<div class="ContentPasted0"> #access_log logs/host.access.log main;</div>
<div><br class="ContentPasted0">
</div>
<div class="ContentPasted0"> location / {</div>
<div class="ContentPasted0"> root html;</div>
<div class="ContentPasted0"> index index.html index.htm;</div>
<div class="ContentPasted0"> }</div>
<div><br class="ContentPasted0">
</div>
<div class="ContentPasted0"> #error_page 404 /404.html;</div>
<div><br class="ContentPasted0">
</div>
<div class="ContentPasted0"> # redirect server error pages to the static page /50x.html</div>
<div class="ContentPasted0"> #</div>
<div class="ContentPasted0"> error_page 500 502 503 504 /50x.html;</div>
<div class="ContentPasted0"> location = /50x.html {</div>
<div class="ContentPasted0"> root html;</div>
<div class="ContentPasted0"> }</div>
<div><br class="ContentPasted0">
</div>
<div class="ContentPasted0"> # proxy the PHP scripts to Apache listening on 127.0.0.1:80</div>
<div class="ContentPasted0"> #</div>
<div class="ContentPasted0"> #location ~ \.php$ {</div>
<div class="ContentPasted0"> # proxy_pass http://127.0.0.1;</div>
<div class="ContentPasted0"> #}</div>
<div><br class="ContentPasted0">
</div>
<div class="ContentPasted0"> # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000</div>
<div class="ContentPasted0"> #</div>
<div class="ContentPasted0"> #location ~ \.php$ {</div>
<div class="ContentPasted0"> # root html;</div>
<div class="ContentPasted0"> # fastcgi_pass 127.0.0.1:9000;</div>
<div class="ContentPasted0"> # fastcgi_index index.php;</div>
<div class="ContentPasted0"> # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;</div>
<div class="ContentPasted0"> # include fastcgi_params;</div>
<div class="ContentPasted0"> #}</div>
<div><br class="ContentPasted0">
</div>
<div class="ContentPasted0"> # deny access to .htaccess files, if Apache's document root</div>
<div class="ContentPasted0"> # concurs with nginx's one</div>
<div class="ContentPasted0"> #</div>
<div class="ContentPasted0"> #location ~ /\.ht {</div>
<div class="ContentPasted0"> # deny all;</div>
<div class="ContentPasted0"> #}</div>
<div class="ContentPasted0"> }</div>
<div><br class="ContentPasted0">
</div>
<div><br class="ContentPasted0">
</div>
<div class="ContentPasted0"> # another virtual host using mix of IP-, name-, and port-based configuration</div>
<div class="ContentPasted0"> #</div>
<div class="ContentPasted0"> #server {</div>
<div class="ContentPasted0"> # listen 8000;</div>
<div class="ContentPasted0"> # listen somename:8080;</div>
<div class="ContentPasted0"> # server_name somename alias another.alias;</div>
<div><br class="ContentPasted0">
</div>
<div class="ContentPasted0"> # location / {</div>
<div class="ContentPasted0"> # root html;</div>
<div class="ContentPasted0"> # index index.html index.htm;</div>
<div class="ContentPasted0"> # }</div>
<div class="ContentPasted0"> #}</div>
<div><br class="ContentPasted0">
</div>
<div><br class="ContentPasted0">
</div>
<div class="ContentPasted0"> # HTTPS server</div>
<div class="ContentPasted0"> #</div>
<div class="ContentPasted0"> #server {</div>
<div class="ContentPasted0"> # listen 443 ssl;</div>
<div class="ContentPasted0"> # server_name localhost;</div>
<div><br class="ContentPasted0">
</div>
<div class="ContentPasted0"> # ssl_certificate cert.pem;</div>
<div class="ContentPasted0"> # ssl_certificate_key cert.key;</div>
<div><br class="ContentPasted0">
</div>
<div class="ContentPasted0"> # ssl_session_cache shared:SSL:1m;</div>
<div class="ContentPasted0"> # ssl_session_timeout 5m;</div>
<div><br class="ContentPasted0">
</div>
<div class="ContentPasted0"> # ssl_ciphers HIGH:!aNULL:!MD5;</div>
<div class="ContentPasted0"> # ssl_prefer_server_ciphers on;</div>
<div><br class="ContentPasted0">
</div>
<div class="ContentPasted0"> # location / {</div>
<div class="ContentPasted0"> # root html;</div>
<div class="ContentPasted0"> # index index.html index.htm;</div>
<div class="ContentPasted0"> # }</div>
<div class="ContentPasted0"> #}</div>
<div><br class="ContentPasted0">
</div>
<div class="ContentPasted0">}</div>
<div><br class="ContentPasted0">
</div>
<div class="ContentPasted0"># configuration file /etc/nginx/mime.types:</div>
<div><br class="ContentPasted0">
</div>
<div class="ContentPasted0">types {</div>
<div class="ContentPasted0"> text/html html htm shtml;</div>
<div class="ContentPasted0"> text/css css;</div>
<div class="ContentPasted0"> text/xml xml;</div>
<div class="ContentPasted0"> image/gif gif;</div>
<div class="ContentPasted0"> image/jpeg jpeg jpg;</div>
<div class="ContentPasted0"> application/javascript js;</div>
<div class="ContentPasted0"> application/atom+xml atom;</div>
<div class="ContentPasted0"> application/rss+xml rss;</div>
<div><br class="ContentPasted0">
</div>
<div class="ContentPasted0"> text/mathml mml;</div>
<div class="ContentPasted0"> text/plain txt;</div>
<div class="ContentPasted0"> text/vnd.sun.j2me.app-descriptor jad;</div>
<div class="ContentPasted0"> text/vnd.wap.wml wml;</div>
<div class="ContentPasted0"> text/x-component htc;</div>
<div><br class="ContentPasted0">
</div>
<div class="ContentPasted0"> image/avif avif;</div>
<div class="ContentPasted0"> image/png png;</div>
<div class="ContentPasted0"> image/svg+xml svg svgz;</div>
<div class="ContentPasted0"> image/tiff tif tiff;</div>
<div class="ContentPasted0"> image/vnd.wap.wbmp wbmp;</div>
<div class="ContentPasted0"> image/webp webp;</div>
<div class="ContentPasted0"> image/x-icon ico;</div>
<div class="ContentPasted0"> image/x-jng jng;</div>
<div class="ContentPasted0"> image/x-ms-bmp bmp;</div>
<div><br class="ContentPasted0">
</div>
<div class="ContentPasted0"> font/woff woff;</div>
<div class="ContentPasted0"> font/woff2 woff2;</div>
<div><br class="ContentPasted0">
</div>
<div class="ContentPasted0"> application/java-archive jar war ear;</div>
<div class="ContentPasted0"> application/json json;</div>
<div class="ContentPasted0"> application/mac-binhex40 hqx;</div>
<div class="ContentPasted0"> application/msword doc;</div>
<div class="ContentPasted0"> application/pdf pdf;</div>
<div class="ContentPasted0"> application/postscript ps eps ai;</div>
<div class="ContentPasted0"> application/rtf rtf;</div>
<div class="ContentPasted0"> application/vnd.apple.mpegurl m3u8;</div>
<div class="ContentPasted0"> application/vnd.google-earth.kml+xml kml;</div>
<div class="ContentPasted0"> application/vnd.google-earth.kmz kmz;</div>
<div class="ContentPasted0"> application/vnd.ms-excel xls;</div>
<div class="ContentPasted0"> application/vnd.ms-fontobject eot;</div>
<div class="ContentPasted0"> application/vnd.ms-powerpoint ppt;</div>
<div class="ContentPasted0"> application/vnd.oasis.opendocument.graphics odg;</div>
<div class="ContentPasted0"> application/vnd.oasis.opendocument.presentation odp;</div>
<div class="ContentPasted0"> application/vnd.oasis.opendocument.spreadsheet ods;</div>
<div class="ContentPasted0"> application/vnd.oasis.opendocument.text odt;</div>
<div class="ContentPasted0"> application/vnd.openxmlformats-officedocument.presentationml.presentation</div>
<div class="ContentPasted0"> pptx;</div>
<div class="ContentPasted0"> application/vnd.openxmlformats-officedocument.spreadsheetml.sheet</div>
<div class="ContentPasted0"> xlsx;</div>
<div class="ContentPasted0"> application/vnd.openxmlformats-officedocument.wordprocessingml.document</div>
<div class="ContentPasted0"> docx;</div>
<div class="ContentPasted0"> application/vnd.wap.wmlc wmlc;</div>
<div class="ContentPasted0"> application/wasm wasm;</div>
<div class="ContentPasted0"> application/x-7z-compressed 7z;</div>
<div class="ContentPasted0"> application/x-cocoa cco;</div>
<div class="ContentPasted0"> application/x-java-archive-diff jardiff;</div>
<div class="ContentPasted0"> application/x-java-jnlp-file jnlp;</div>
<div class="ContentPasted0"> application/x-makeself run;</div>
<div class="ContentPasted0"> application/x-perl pl pm;</div>
<div class="ContentPasted0"> application/x-pilot prc pdb;</div>
<div class="ContentPasted0"> application/x-rar-compressed rar;</div>
<div class="ContentPasted0"> application/x-redhat-package-manager rpm;</div>
<div class="ContentPasted0"> application/x-sea sea;</div>
<div class="ContentPasted0"> application/x-shockwave-flash swf;</div>
<div class="ContentPasted0"> application/x-stuffit sit;</div>
<div class="ContentPasted0"> application/x-tcl tcl tk;</div>
<div class="ContentPasted0"> application/x-x509-ca-cert der pem crt;</div>
<div class="ContentPasted0"> application/x-xpinstall xpi;</div>
<div class="ContentPasted0"> application/xhtml+xml xhtml;</div>
<div class="ContentPasted0"> application/xspf+xml xspf;</div>
<div class="ContentPasted0"> application/zip zip;</div>
<div><br class="ContentPasted0">
</div>
<div class="ContentPasted0"> application/octet-stream bin exe dll;</div>
<div class="ContentPasted0"> application/octet-stream deb;</div>
<div class="ContentPasted0"> application/octet-stream dmg;</div>
<div class="ContentPasted0"> application/octet-stream iso img;</div>
<div class="ContentPasted0"> application/octet-stream msi msp msm;</div>
<div><br class="ContentPasted0">
</div>
<div class="ContentPasted0"> audio/midi mid midi kar;</div>
<div class="ContentPasted0"> audio/mpeg mp3;</div>
<div class="ContentPasted0"> audio/ogg ogg;</div>
<div class="ContentPasted0"> audio/x-m4a m4a;</div>
<div class="ContentPasted0"> audio/x-realaudio ra;</div>
<div><br class="ContentPasted0">
</div>
<div class="ContentPasted0"> video/3gpp 3gpp 3gp;</div>
<div class="ContentPasted0"> video/mp2t ts;</div>
<div class="ContentPasted0"> video/mp4 mp4;</div>
<div class="ContentPasted0"> video/mpeg mpeg mpg;</div>
<div class="ContentPasted0"> video/quicktime mov;</div>
<div class="ContentPasted0"> video/webm webm;</div>
<div class="ContentPasted0"> video/x-flv flv;</div>
<div class="ContentPasted0"> video/x-m4v m4v;</div>
<div class="ContentPasted0"> video/x-mng mng;</div>
<div class="ContentPasted0"> video/x-ms-asf asx asf;</div>
<div class="ContentPasted0"> video/x-ms-wmv wmv;</div>
<div class="ContentPasted0"> video/x-msvideo avi;</div>
}<br>
</div>
<div class="elementToProof">
<div style="font-family: Calibri, Helvetica, sans-serif; font-size: 14pt; color: rgb(0, 0, 0);">
<br>
</div>
<div id="Signature">
<div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
--</div>
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Shedi<br>
</div>
</div>
</div>
</div>
<div id="appendonsend"></div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>From:</b> Sergey A. Osokin <osa@freebsd.org.ru><br>
<b>Sent:</b> 17 March 2023 02:46<br>
<b>To:</b> nginx@nginx.org <nginx@nginx.org><br>
<b>Cc:</b> Shreenidhi Shedi <sshedi@vmware.com><br>
<b>Subject:</b> Re: Changing ownership of proxy_temp and other temp directories</font>
<div> </div>
</div>
<div class="BodyFragment"><font size="2"><span style="font-size:11pt;">
<div class="PlainText">!! External Email<br>
<br>
Hi,<br>
<br>
On Thu, Mar 16, 2023 at 06:19:42PM +0000, Shreenidhi Shedi via nginx wrote:<br>
><br>
> I have hosted a nginx server instance and the temp directories are created under /etc/nginx/<br>
><br>
> $ ls -ld /etc/nginx/*_temp<br>
> drwx------ 2 nobody root 4096 Mar 16 15:21 /etc/nginx/client_body_temp<br>
[...]<br>
><br>
> And I updated to a newer version of nginx which runs in "nginx" user<br>
> context and after that these directory ownership is getting changed<br>
> to nginx:root but the issue is, it happens only on these top<br>
> directories and not directories within these temp directories.<br>
><br>
> I did strace on the same to confirm my theory.<br>
<br>
[strace is skipped]<br>
<br>
It seems like previously nginx' worker process was running under<br>
`nobody' user, so the directory structure has appropriate<br>
permissions. The configuration setting was changed to `nginx'<br>
user then, and when nginx main process started, it checked and<br>
updated directories permissions according to the new settings.<br>
<br>
> Now the issue is, why chown happens only on top directory and<br>
> not recursively on all files and directories inside them?<br>
<br>
Please take a look in the source code,<br>
<a href="https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fhg.nginx.org%2Fnginx%2Ffile%2Ftip%2Fsrc%2Fcore%2Fngx_file.c%23l598&data=05%7C01%7Csshedi%40vmware.com%7Ccc1606f4494b48ed496308db2663c194%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7C638145982140985501%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=%2BnlexAGf4iaOhxIl0GnCZOGUfufWlJyuefJOFP%2Bvb6I%3D&reserved=0">https://nam04.safelinks.protection.outlook.com/?url=http%3A%2F%2Fhg.nginx.org%2Fnginx%2Ffile%2Ftip%2Fsrc%2Fcore%2Fngx_file.c%23l598&data=05%7C01%7Csshedi%40vmware.com%7Ccc1606f4494b48ed496308db2663c194%7Cb39138ca3cee4b4aa4d6cd83d9dd62f0%7C0%7C0%7C638145982140985501%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C3000%7C%7C%7C&sdata=%2BnlexAGf4iaOhxIl0GnCZOGUfufWlJyuefJOFP%2Bvb6I%3D&reserved=0</a><br>
<br>
> Is this a bug or is it fixed in latest version of nginx?<br>
<br>
I don't think there's a bug in that part of the code.<br>
As a workaround for the transition content to a new user, it's<br>
easy to run an one line script to update permissions of those<br>
directories.<br>
<br>
> I'm currently using nginx-1.22.0. Any help would be appreciated.<br>
<br>
I'd recommend to upgrade to the recent version in stable<br>
branch, 1.22.1.<br>
<br>
Thank you.<br>
<br>
--<br>
Sergey A. Osokin<br>
<br>
!! External Email: This email originated from outside of the organization. Do not click links or open attachments unless you recognize the sender.<br>
</div>
</span></font></div>
</body>
</html>