Errors suggesting nginx isn't started as root

Palvelin Postmaster postmaster at palvelin.fi
Thu Sep 5 19:45:11 UTC 2019 

Great catch, I hadn’t noticed that. Thanks Maxim!

Now I need to figure out what that process is. The log suggests it gets started when I launch the service but doesn’t keep running.

root at k2:/var/www# service nginx restart

root at k2:/var/www# tail /var/log/nginx/error.log
2019/09/05 22:40:34 [warn] 10871#10871: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:21
2019/09/05 22:40:34 [emerg] 10871#10871: cannot load certificate key "/etc/ssl/private/nginx-selfsigned.key": BIO_new_file() failed (SSL: error:0200100D:system library:fopen:Permission denied:fopen('/etc/ssl/private/nginx-selfsigned.key','r') error:2006D002:BIO routines:BIO_new_file:system lib)

root at k2:/var/www# ps -auxw |grep nginx
root     10789  0.0  0.0 387164  4352 ?        Ss   22:40   0:00 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
www-data 10793  0.0  0.1 389708 12808 ?        S    22:40   0:00 nginx: worker process
www-data 10794  0.0  0.1 389464  9320 ?        S    22:40   0:00 nginx: worker process
www-data 10795  0.0  0.1 389464  9508 ?        S    22:40   0:00 nginx: cache manager process
www-data 10799  0.0  0.1 389464  9508 ?        S    22:40   0:00 nginx: cache loader process
root     10885  0.0  0.0  14660  1084 pts/0    R+   22:40   0:00 grep --color=auto nginx



> On 5 Sep 2019, at 11.52, Maxim Dounin <mdounin at mdounin.ru> wrote:
> 
> Hello!
> 
> On Wed, Sep 04, 2019 at 03:59:41PM -0700, Palvelin Postmaster wrote:
> 
>> This is still a big mystery to me. Upgrading to nginx 1.16.1 didn’t help.
>> 
>> As far as I can understand, the nginx master process IS running with root privileges.
> 
> The error is from process 22399, and no information available to 
> find out the user started it.  The errors suggest it wasn't root.
> 
>>> 2018/09/19 11:38:47 [warn] 22399#22399: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:21
>>> 2018/09/19 11:38:47 [emerg] 22399#22399: SSL_CTX_use_PrivateKey_file("/etc/ssl/private/nginx-selfsigned.key") failed (SSL: error:0200100D:system library:fopen:Permission denied:fopen('/etc/ssl/private/nginx-selfsigned.key','r') error:20074002:BIO routines:file_ctrl:system lib error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib)
> 
> [...]
> 
>>> root at k2:~# ps -auxw |grep nginx
>>> root     22317  0.0  0.2 359680  9300 ?        Ss   11:38   0:00 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
>>> www-data 22322  0.0  0.3 361980 15356 ?        S    11:38   0:00 nginx: worker process
>>> www-data 22323  0.2  0.4 362244 18984 ?        S    11:38   0:00 nginx: worker process
>>> www-data 22326  0.0  0.3 361980 14760 ?        S    11:38   0:00 nginx: cache manager process
>>> www-data 22327  0.0  0.3 361980 14760 ?        S    11:38   0:00 nginx: cache loader process

More information about the nginx mailing list