security question.
Cliff Wells
cliff at develix.com
Fri Apr 11 20:47:59 MSD 2008
On Fri, 2008-04-11 at 05:36 -0400, Amer Shah wrote:
> I'm about to throw the towel in. I was wondering how big a deal is it
> to not run it in a jail. Is chrooting it sufficient. What do people
> around here normally
> do ?
I usually run it as a normal process (as user nginx). It's the
applications I worry about more than the web server itself. Since Nginx
(unlike a typical Apache configuration), doesn't run applications within
its own process space (unlike Apache's mod_php, mod_python, etc), it's
fairly easy to run those applicatons under separate users and this
greatly alleviates many security risks.
My general feeling is that standard *nix permissions are adequate if
properly enforced.
Regards,
Cliff
More information about the nginx
mailing list