[PATCH] The directives such as user, rlimit_core should also be effective on master process

Quanah Gibson-Mount quanah at zimbra.com
Tue Aug 5 17:10:45 UTC 2014


--On Tuesday, August 05, 2014 12:58 PM +0400 Maxim Dounin 
<mdounin at mdounin.ru> wrote:

> Hello!
>
> On Tue, Aug 05, 2014 at 02:26:59AM -0500, Kunal Pariani wrote:
>
>> # HG changeset patch
>> # User Kunal Pariani <kpariani at zimbra.com>
>> # Date 1407194790 25200
>> #      Mon Aug 04 16:26:30 2014 -0700
>> # Node ID f25ab24517bb5e45b1b7fa1a1502b907f2cff213
>> # Parent  f8764e20fcd7f87d98fe97f82b2a8d0a77ed9097
>> The directives such as user, rlimit_core should also be effective on
>> master process
>
> No, thanks.  The master process should remain root to be able to
> read privileged configuration files during configuration reload,
> open listening sockets on privileged ports and so on.

The drop to the user happens *after* the files & ports have been opened 
already.  This is how many *nix server processes work, as an additional 
security measure.  We've been using nginx with this patch since nginx 
0.5.37, so it's quite heavily tested.

See also: 
<http://www.dwheeler.com/secure-class/Secure-Programs-HOWTO/minimize-privileges.html>
and
<http://www.ibm.com/developerworks/linux/library/l-sppriv/index.html>

-Quanah

--

Quanah Gibson-Mount
Server Architect
Zimbra, Inc.
--------------------
Zimbra ::  the leader in open source messaging and collaboration
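
The ordering discussed in this message (open files and ports first, drop to the unprivileged user afterwards), as an added C example that is not part of the original e-mail, the patch, or nginx. The function names, the loopback port 0 standing in for a privileged port, and uid/gid 65534 are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Step 1, while still privileged: bind and listen. Port 0 on loopback is a
 * stand-in (assumption) so this also runs unprivileged; a real server would
 * bind its port below 1024 here. */
static int open_listener(void) {
    struct sockaddr_in sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 16) < 0) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Step 2: drop permanently. Groups and gid go first, uid last, because after
 * setuid() the process is no longer allowed to change its groups. */
static int drop_privileges(uid_t uid, gid_t gid) {
    if (geteuid() == 0 && setgroups(1, &gid) < 0) return -1;
    if (setgid(gid) < 0 || setuid(uid) < 0) return -1;
    if (setuid(0) == 0) return -1;  /* regaining root must fail */
    return (geteuid() == uid && getegid() == gid) ? 0 : -1;
}

/* Port of an already-open listener; shows the descriptor survives the drop. */
static int listener_port(int fd) {
    struct sockaddr_in sa;
    socklen_t len = sizeof sa;
    if (getsockname(fd, (struct sockaddr *)&sa, &len) < 0) return -1;
    return ntohs(sa.sin_port);
}

static int open_listener_then_drop(uid_t uid, gid_t gid) {
    int fd = open_listener();
    if (fd >= 0 && drop_privileges(uid, gid) < 0) { close(fd); fd = -1; }
    return fd;
}

int main(void) {
    int root = geteuid() == 0;  /* constructed target: 65534 when started as root */
    int fd = open_listener_then_drop(root ? 65534 : getuid(), root ? 65534 : getgid());
    printf("fd=%d port=%d euid=%d\n", fd, listener_port(fd), (int)geteuid());
    return fd < 0;
}
```

A process that has dropped this way cannot reopen root-only files or bind new privileged ports later, which is the reload concern raised in the quoted reply.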


