FreeBSD Clean Install Permissions Errors

nanaya me at
Sat Jul 15 16:08:09 UTC 2017


On Sun, Jul 16, 2017, at 00:45, Viaduct Lists wrote:
> My point was that you can start the service as root, or set the user to
> root in nginx.conf.  It’s confusing.  Two ways.  If I’m deliberately
> starting the service as root, why would I need to set the config file to
> indicate so?
> Second, setting the nginx.conf directive to user root, whilst using the
> default www user as startup, only coughs up an error indicating the
> directive was ignored.  
> A lot of this makes little sense.  

Only root can create process of different user id so the directive only
works for root.

It doesn't work for non-root users. nginx will ignore it if it exists
because it will not work. It's operating system level security, not
nginx. You don't want non-root user to be able to create process under
different user id, do you?

The reason the option exist is, in many operating systems, only root
user can bind to port <1024 (including port 80 and 443 used for
http/https) so nginx must be started by root to be able to listen to
those ports. 

But as previously mentioned, doing everything else as root is considered
security risk so nginx provides `user` directive to limit codes run by
root and thus reduces security risk.

1. root starts nginx
2. nginx parses config, creates master process, binds to port 80, etc as
3. nginx creates worker processes under different user id according to
user directive

#3 is only possible if nginx is run as root. Otherwise nginx will just
create the processes as the same user running the master process.

> So the only way around this as I see it is to start up as root, because
> I’ve tried absolutely everything, and nothing is getting rid of this
> permissions error.  
> OK then.  

You can either chown the to your user, make it writable by
your user (chgrp + chown) or point it to other directory your user own
(there is `pid` directive [1] to set it).


More information about the nginx mailing list