how to enable non root user to execute nginx reload

allenhe nginx-forum at forum.nginx.org
Mon Oct 19 11:24:40 UTC 2020


A non root process needs to signal reload to nginx master (as root) without
sudo

I've tried using setcap and setpriv with CAP_KILL, both not work.


# getcap nginx/sbin/nginx
nginx/sbin/nginx = cap_kill+ip
#su user01 -s /bin/sh -c 'nginx/sbin/nginx -s reload'
nginx: [alert] kill(68, 1) failed (1: Operation not permitted)


#setpriv --inh-caps +cap_5 --ambient-caps +cap_5 su user001 -s /bin/sh -c
'nginx/sbin/nginx -s reload'
nginx: [alert] kill(68, 1) failed (1: Operation not permitted)


I don't konw if this is specifc to nginx only or I mis used the linux
capability?
looking foward for the help


BR,
Allen

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,289755,289755#msg-289755



More information about the nginx mailing list