logfiles group ownership

Igor Sysoev igor at sysoev.ru
Tue Dec 15 19:53:34 MSK 2009


On Tue, Dec 15, 2009 at 07:59:43AM -0500, robtinsley wrote:

> I am running nginx-0.7.64 and my nginx.conf includes "user nginx nginx;"
> 
> If I rotate logfiles and send SIGUSR1, new logfiles are created owned by user=nginx group=root (rather than group=nginx as I had expected).
> 
> I looked at the source and I think that the problem is in ngx_file.c:
> 
> 
> ngx_int_t
> ngx_create_pathes(ngx_cycle_t *cycle, ngx_uid_t user)
> {
> // ...
>         if (fi.st_uid != user) {
>             if (chown((const char *) path->name.data, user, -1) == -1) {
>                 ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
>                               "chown(\"%s\", %d) failed",
>                               path->name.data, user);
>                 return NGX_ERROR;
>             }
>         }
> // ...
> }
> 
> 
> 
> Unfortunately, no group information is passed to this function, so logfiles are created with the effective(?) gid of the master process (often root).
> 
> Depending on your OS, a work-around may be possible by adding a "create" line to /etc/lograte.d/nginx, and then setting the group permissions manually (/bin/chgrp) on the log-files.

Yes, there is some inconsistency in log files access right.
Actually, before the first SIGUSR1 they are owned by "root:wheel",
after the first SIGUSR1 they are owned by "USER:wheel".


-- 
Igor Sysoev
http://sysoev.ru/en/



More information about the nginx mailing list