nginx as nonroot - setsockopt not permitted
Maxim Dounin
mdounin at mdounin.ru
Fri Sep 14 11:58:06 UTC 2018
Hello!
On Fri, Sep 14, 2018 at 03:52:03AM -0400, orsolya.magos wrote:
> we use nginx which load-balances toward our snmptrapd. Everything is working
> fine if we start nginx with root. We would like to change it so nginx
> (workers) would start with nginx user. I couldn't make it work, do you have
> any idea what additional thing can I set/check?
>
> nginx -V
> nginx version: nginx/1.12.2
> built by gcc 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC)
Update to nginx 1.13.8+, it should be able to use transparent
proxying on Linux without workers being run as root:
*) Feature: now nginx automatically preserves the CAP_NET_RAW capability
in worker processes when using the "transparent" parameter of the
"proxy_bind", "fastcgi_bind", "memcached_bind", "scgi_bind", and
"uwsgi_bind" directives.
Alternatively, consider not using "proxy_bind ... transparent".
See docs here for additional details:
http://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_bind
--
Maxim Dounin
http://mdounin.ru/
More information about the nginx
mailing list