Nginx does not re-open log files on SIGUSR1.
Gena Makhomed
gmm at csdoc.com
Mon Jan 3 16:16:00 MSK 2011
On 03.01.2011 14:49, Piotr Karbowski wrote:
> I was able to 'fix' it, which is more like workaround than a real fix,
> by adding permissions for nginx user to /var/log/nginx.
>
> Before I had 700 root:root on /var/log/nginx because I am a little
> paranoid and I saw no real reason to add workers there since master
> process, running as root, is writting there.
>
> After changing owner to nginx, nginx is able re-open logs after SIGUSR1.
master process running as root open/write files in /var/log/nginx
- if nginx user have write permissions to this directory,
700 nginx:nginx - such setup is vulnerable by symlink attack
better approach set permissions 750 root:nginx /var/log/nginx
or 750 root:www-logs /var/log/nginx and add user nginx to group www-logs
> Looks like rotated empty logs have root:root 600 perms, maybe it is the
> problem?
show your logrotate config for nginx log files.
> But again, I think master write there, not workers.
nginx workers also write to log files.
--
Best regards,
Gena
More information about the nginx
mailing list