security question.

Cliff Wells cliff at develix.com
Fri Apr 11 20:47:59 MSD 2008


On Fri, 2008-04-11 at 05:36 -0400, Amer Shah wrote:
> I'm about to throw the towel in. I was wondering how big a deal is it
> to not run it in a jail. Is chrooting it sufficient. What do people
> around here normally
> do ?

I usually run it as a normal process (as user nginx).  It's the
applications I worry about more than the web server itself.  Since Nginx
(unlike a typical Apache configuration), doesn't run applications within
its own process space (unlike Apache's mod_php, mod_python, etc), it's
fairly easy to run those applicatons under separate users and this
greatly alleviates many security risks.

My general feeling is that standard *nix permissions are adequate if
properly enforced.  

Regards,
Cliff






More information about the nginx mailing list