Mar 16, 2012
tom

Run nginx as a non-root user

Question

I followed this process to installing nginx on my Ubuntu 10.04 Lucid Server http://library.linode.com/web-servers/nginx/installation/ubuntu-10.04-lucid

I got lost after the point of creating an init script to start nginx, and then calling /etc/init.d/nginx start. When I did that, I got the following error:

Starting nginx_main: Starting /opt/nginx/sbin/nginx...
nginx: [alert] could not open error log file: open() "/opt/nginx/logs/error.log" failed (13: Permission denied)
2012/03/16 18:17:27 [emerg] 859#0: open() "/opt/nginx/logs/access.log" failed (13: Permission denied)

The only way I can run it is if I use sudo and it runs the process as root, which is what I don’t want.

I’ve chown‘d the entire directory (chown -R nginx:nginx /opt/nginx) and I’ve also chmod -R 755 the directory as well.

Adding the user directive as suggested by CS3 also gives me this error, but with an additional line.

Starting nginx_main: Starting /opt/nginx/sbin/nginx...
nginx: [alert] could not open error log file: open() "/opt/nginx/logs/error.log" failed (13: Permission denied)
2012/03/16 18:48:34 [warn] 1606#0: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /opt/nginx/conf/nginx.conf:2
2012/03/16 18:48:34 [emerg] 1606#0: open() "/opt/nginx/logs/access.log" failed (13: Permission denied)

Any ideas?

Asked by John

Answer

First of all, init scripts are supposed to be run

sudo /etc/init.d/name

when you are not logged in as root( when logged-in user is sudo enabled)

Secondly, when you run sudo /etc/init.d/nginx start ==> it fires the master nginx process as root and worker processes as the user you specified in your nginx.conf user directive(eg. www-data)

Can you confirm if all your process under nginx as being run by root when issuing sudo /etc/init.d/nginx start ?

with

ps aux | grep [n]ginx

eg.

enter image description here

Suggestion: Ubuntu 10.04 LTS has excellent ubuntu package support from nginx team. So, why bother installing from source if you do not have requirement for custom module inside nginx ?

Consult here

The binary package already comes with pretty much needed modules

nginx version: nginx/1.0.12
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-log-path=/var/log/nginx/access.log --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --with-debug --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_realip_module --with-http_stub_status_module --with-http_ssl_module --with-http_sub_module --with-http_xslt_module --with-ipv6 --with-sha1=/usr/include/openssl --with-md5=/usr/include/openssl --with-mail --with-mail_ssl_module --add-module=/build/buildd/nginx-1.0.12/debian/modules/nginx-echo --add-module=/build/buildd/nginx-1.0.12/debian/modules/nginx-upstream-fair
Answered by kaji

No related posts.

Leave a comment