Opened 17 months ago
Closed 17 months ago
#2417 closed defect (invalid)
nginx temp file Directory permissions change
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | nginx-core | Version: | 1.20.x |
| Keywords: | Cc: | yjlr.jia@… | |
| uname -a: | Linux activemq 5.4.109-1.el7.elrepo.x86_64 #1 SMP Mon Mar 29 10:03:34 EDT 2021 x86_64 x86_64 x86_64 GNU/Linux | ||
| nginx -V: |
nginx version: nginx/1.20.2
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC) built with OpenSSL 1.0.2k-fips 26 Jan 2017 TLS SNI support enabled configure arguments: --prefix=/usr/local/nginx1.20 --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module |
||
Description
when I start nginx use “ultiamtech” user,
[ultimatech@activemq nginx]$ pwd
/usr/local/nginx
[ultimatech@activemq nginx]$ ls -lt
总用量 4
drwxr-xr-x 2 ultimatech ultimatech 333 11月 23 10:32 conf
drwxr-xr-x 2 ultimatech ultimatech 58 11月 23 10:28 logs
drwxr-xr-x 2 ultimatech ultimatech 32 11月 23 10:28 sbin
-rw-rw-r-- 1 ultimatech ultimatech 307 11月 23 09:56 1.txt
drwx------ 2 ultimatech ultimatech 6 11月 22 18:40 client_body_temp
drwx------ 2 ultimatech ultimatech 6 11月 22 18:40 fastcgi_temp
drwx------ 2 ultimatech ultimatech 6 11月 22 18:40 proxy_temp
drwx------ 2 ultimatech ultimatech 6 11月 22 18:40 scgi_temp
drwx------ 2 ultimatech ultimatech 6 11月 22 18:40 uwsgi_temp
drwxr-xr-x 2 ultimatech ultimatech 40 11月 22 18:40 html
[ultimatech@activemq nginx]$ sbin/nginx -v
nginx version: nginx/1.22.1
[ultimatech@activemq nginx]$
[ultimatech@activemq nginx]$ sbin/nginx
[ultimatech@activemq nginx]$ ps -ef|grep nginx
ultimat+ 54881 1 0 10:58 ? 00:00:00 nginx: master process sbin/nginx
ultimat+ 54882 54881 0 10:58 ? 00:00:00 nginx: worker process
ultimat+ 54885 54608 0 10:59 pts/2 00:00:00 grep --color=auto nginx
we find the directory *_temp owner is : ultiamtech
but when we use "root" user ,exec command: "nginx -t" , the file directory *_temp : owner change ,directory owner is : nobody ,like this:
[root@activemq nginx]# pwd
/usr/local/nginx
[root@activemq nginx]# ls -lt
总用量 4
drwxr-xr-x 2 ultimatech ultimatech 58 11月 23 10:58 logs
drwxr-xr-x 2 ultimatech ultimatech 333 11月 23 10:58 conf
drwxr-xr-x 2 ultimatech ultimatech 32 11月 23 10:28 sbin
-rw-rw-r-- 1 ultimatech ultimatech 307 11月 23 09:56 1.txt
drwx------ 2 ultimatech ultimatech 6 11月 22 18:40 client_body_temp
drwx------ 2 ultimatech ultimatech 6 11月 22 18:40 fastcgi_temp
drwx------ 2 ultimatech ultimatech 6 11月 22 18:40 proxy_temp
drwx------ 2 ultimatech ultimatech 6 11月 22 18:40 scgi_temp
drwx------ 2 ultimatech ultimatech 6 11月 22 18:40 uwsgi_temp
drwxr-xr-x 2 ultimatech ultimatech 40 11月 22 18:40 html
[root@activemq nginx]# sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@activemq nginx]# ls -lt
总用量 4
drwxr-xr-x 2 ultimatech ultimatech 58 11月 23 10:58 logs
drwxr-xr-x 2 ultimatech ultimatech 333 11月 23 10:58 conf
drwxr-xr-x 2 ultimatech ultimatech 32 11月 23 10:28 sbin
-rw-rw-r-- 1 ultimatech ultimatech 307 11月 23 09:56 1.txt
drwx------ 2 nobody ultimatech 6 11月 22 18:40 client_body_temp
drwx------ 2 nobody ultimatech 6 11月 22 18:40 fastcgi_temp
drwx------ 2 nobody ultimatech 6 11月 22 18:40 proxy_temp
drwx------ 2 nobody ultimatech 6 11月 22 18:40 scgi_temp
drwx------ 2 nobody ultimatech 6 11月 22 18:40 uwsgi_temp
drwxr-xr-x 2 ultimatech ultimatech 40 11月 22 18:40 html
I find the souce code :
ngx_file.c
ngx_int_t
ngx_create_paths(ngx_cycle_t *cycle, ngx_uid_t user){
if (user == (ngx_uid_t) NGX_CONF_UNSET_UINT) {
ngx_log_stderr(0, "nginx create paths start continue ");
continue;
}
if (fi.st_uid != user) { user config define user : start user: ultimatech ,default :nobody
if (chown((const char *) path[i]->name.data, user, -1) == -1) {
ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno,
"chown(\"%s\", %d) failed",
path[i]->name.data, user);
return NGX_ERROR;
}
}
}
Why is there a "chown" operation? the chown() function cat be remove???
When starting or testing configuration, nginx ensures that directories specified in the configuration can be written by nginx worker processes: creates these directories, and does
chown()andchmod()if appropriate. If you don't want this to happen, avoid running nginx under wrong user / with incorrectuserin the configuration.