Possible nginx security enhancement
Michele Alzetta
michele at alzetta.org
Thu Jul 28 17:59:14 UTC 2011
Hallo all,
I have been using nginx very satisfactorily for a few years by now.
Recently I noticed I was having problems with my sites, and finally traced
them back to an nginx problem.
I use nginx on a gentoo linux system, and when nginx is emerged the
necessary directories are created in /var/tmp:
nginx - client
- fastcgi
- proxy
- scgi
- uwsgi
What happens is that, if /var/tmp/nginx directory is missing, nginx will
not start at all. However, if subdirectories have been cancelled, nginx
will start normally, but sites won't work properly ( things like uploading
attachments for squirrelmail or changing theme preferences in drupal etc.
) In my case, the /var/tmp/nginx subdirectories had been cancelled (my
fault)
I appreciate the fact that nginx checks the conf file before starting or
restarting - helps avoiding a mess when you've edited a file and forgotten
an extra } somewhere.
Wouldn't it be good if it also checked for the proper directories to
exist? Or even created them if they didn't exist?
/var/tmp is a directory which may be cleaned up periodically to avoid
useless clutter and this sometimes leads to weird mistakes.
Just a suggestion.
Michele
More information about the nginx
mailing list