FreeBSD Clean Install nginx.pid Permissions Errors

Viaduct Lists lists at viaduct-productions.com
Sat Jul 15 15:45:29 UTC 2017


> On Jul 15, 2017, at 6:24 AM, nanaya <me at nanaya.pro> wrote:
> 
>> If I deliberately start up using root, why would I need a directive that
>> indicates that?  This directive seems like a reminder after the fact.  
>> 
> 
> root is usually needed to bind port 80 and 443 so usually people want to
> start it using root. But apart of the binding, having everything running
> as root is dangerous especially for something that's public facing so
> usually root is only used for stuff which requires it and then the
> worker processes, the processes which actually handle requests, are run
> as different user. The `user` directive is used to tell which user the
> processes should be run as.
> 
> The directive defaults to `user nobody nobody` so `user root` means you
> explicitly want the workers to run as root instead of nobody (assuming
> it works).

My point was that you can start the service as root, or set the user to root in nginx.conf.  It’s confusing.  Two ways.  If I’m deliberately starting the service as root, why would I need to set the config file to indicate so?

Second, setting the nginx.conf directive to user root, whilst using the default www user as startup, only coughs up an error indicating the directive was ignored.  

A lot of this makes little sense.  

>> 
>> In my case, all servers reporting this are working and serving as
>> expected.  So the failure and permissions errors are pretty much useless
>> reporting.  
>> 
> 
> While it runs, without working pid file, you'll need alternative way of
> maintaining the process (upgrade, config reload, log rotate, shutdown,
> etc). Especially `-s` switch of `nginx` can't be used to control running
> process because it doesn't have valid pidfile.

So the only way around this as I see it is to start up as root, because I’ve tried absolutely everything, and nothing is getting rid of this nginx.pid permissions error.  

OK then.  

_____________
Rich in Toronto @ VP








More information about the nginx mailing list