[PATCH] The directives such as user, rlimit_core should also be effective on master process
Quanah Gibson-Mount
quanah at zimbra.com
Tue Aug 5 17:10:45 UTC 2014
--On Tuesday, August 05, 2014 12:58 PM +0400 Maxim Dounin
<mdounin at mdounin.ru> wrote:
> Hello!
>
> On Tue, Aug 05, 2014 at 02:26:59AM -0500, Kunal Pariani wrote:
>
>> # HG changeset patch
>> # User Kunal Pariani <kpariani at zimbra.com>
>> # Date 1407194790 25200
>> # Mon Aug 04 16:26:30 2014 -0700
>> # Node ID f25ab24517bb5e45b1b7fa1a1502b907f2cff213
>> # Parent f8764e20fcd7f87d98fe97f82b2a8d0a77ed9097
>> The directives such as user, rlimit_core should also be effective on
>> master process
>
> No, thanks. The master process should remain root to be able to
> read privileged configuration files during configuration reload,
> open listening sockets on privileged ports and so on.

The drop to the user happens *after* the files & ports have been opened
already. This is how many *nix server processes work, as an additional
security measure. We've been using nginx with this patch since nginx
0.5.37, so it's quite heavily tested.

See also:
<http://www.dwheeler.com/secure-class/Secure-Programs-HOWTO/minimize-privileges.html>
and
<http://www.ibm.com/developerworks/linux/library/l-sppriv/index.html>

-Quanah
--
Quanah Gibson-Mount
Server Architect
Zimbra, Inc.
--------------------
Zimbra :: the leader in open source messaging and collaboration