Opened 20 months ago
Closed 20 months ago
#2471 closed defect (duplicate)
reopen logs root
Reported by: | Owned by: | ||
---|---|---|---|
Priority: | trivial | Milestone: | |
Component: | nginx-core | Version: | 1.18.x |
Keywords: | logs reopenlogs owner chmod | Cc: | |
uname -a: | Linux 02-http 5.10.0-21-amd64 #1 SMP Debian 5.10.162-1 (2023-01-21) x86_64 GNU/Linux | ||
nginx -V: |
nginx version: nginx/1.18.0
built with OpenSSL 1.1.1n 15 Mar 2022
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -ffile-prefix-map=/build/nginx-x3gsRV/nginx-1.18.0=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-compat --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_sub_module |
Description
Debian stable (11.6)
nginx from the official Debian repo (nginx-full 1.18.0-6.1+deb11u3)
When nginx just starts and the log files do not exist, nginx creates the log files with root:root owner and mode (644), so it looks good, as expected.
On kill -USR1 (reopen logs), nginx drops the logs' privileges to www-data and recreates them with www-data:root, which makes them writable by the www-data user. Not sure whether this is a bug or a feature? Looks like a bug to me.
Expected behavior: keep logs accessible to root only.
Since nginx reopens logs in the worker processes, it needs write access for the nginx user when reopening logs, and changes log file ownership accordingly. See #376 for more details and discussion of an alternative approach to log rotation.
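
The ownership change discussed in this ticket can be checked on a host by classifying each log file before and after a `kill -USR1`. The script below is an added example, not part of the ticket or of nginx; the function names `classify_log` and `audit_logs` are hypothetical, and it assumes GNU `stat` (as on Debian) and log files ending in `.log`.

```shell
#!/bin/sh
# Added example (not nginx code): report which log files the worker user can write.
# Usage: sh audit-nginx-logs.sh /var/log/nginx www-data

# classify_log FILE WORKER_USER prints one of:
#   loose-mode    group or other write bit is set
#   worker-owned  owned by WORKER_USER with the owner write bit set
#   restricted    neither of the above
classify_log() {
    file=$1
    worker=$2
    # GNU stat: %U = owner name, %a = octal permission bits.
    info=$(stat -c '%U %a' -- "$file") || return 2
    owner=${info% *}
    mode=${info##* }
    perm=$((0$mode))            # leading 0 makes the shell read it as octal
    if [ $((perm & 0022)) -ne 0 ]; then
        echo loose-mode
    elif [ "$owner" = "$worker" ] && [ $((perm & 0200)) -ne 0 ]; then
        echo worker-owned
    else
        echo restricted
    fi
}

# audit_logs DIR WORKER_USER prints one line per *.log file and
# returns non-zero if any file is not "restricted".
audit_logs() {
    dir=$1
    worker=$2
    flagged=0
    for f in "$dir"/*.log; do
        [ -f "$f" ] || continue
        class=$(classify_log "$f" "$worker") || continue
        printf '%s\t%s\t%s\n' "$class" "$(stat -c '%U:%G %a' -- "$f")" "$f"
        [ "$class" = restricted ] || flagged=$((flagged + 1))
    done
    [ "$flagged" -eq 0 ]
}

# Run the audit only when called with a directory and a user name.
if [ $# -eq 2 ]; then
    audit_logs "$1" "$2"
fi
```

Run it once after a fresh start and again after the reopen signal; a file that moves from `restricted` to `worker-owned` shows the change the reporter observed.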