#2571 closed defect (invalid)
Start non-blocking error when using the "user" setting
| Reported by: | Mathieu REHO | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | nginx-1.26 |
| Component: | nginx-core | Version: | 1.25.x |
| Keywords: | owner, user, systemd, privilege | Cc: | |
| uname -a: | Linux stor01 6.2.0-36-generic #37~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Mon Oct 9 15:34:04 UTC 2 x86_64 x86_64 x86_64 GNU/Linux | ||
| nginx -V: |
nginx version: nginx/1.25.3
built with OpenSSL 3.0.2 15 Mar 2022 TLS SNI support enabled configure arguments: --with-cc-opt='-g -O2 -ffile-prefix-map=/build/nginx-qC1jtR/nginx-1.25.3=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-compat --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_v3_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_sub_module |
||
Description
Having this as SystemD override configuration :
# cat /etc/systemd/system/nginx.service.d/override.conf [Service] PIDFile=/run/nginx/nginx.pid RuntimeDirectory=nginx RuntimeDirectoryMode=0775 LimitNOFILE=1048576
and this as the begining of my nginx.conf :
# cat /etc/nginx/nginx.conf user nginx www-data; ...
I get this error in my main Nginx error log :
2023/12/03 17:55:05 [warn] 624580#624580: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:1 2023/12/03 17:55:05 [emerg] 624580#624580: open() "/run/nginx/nginx.pid" failed (13: Permission denied)
While I do not user the User nor Group directive inside the Nginx's SystemD service configuration.. so nginx master process runs as root before downgrading, so the error has no sense.
For information :
# ls -la /run/nginx total 2 drwxrwxr-x 2 root root 100 Dec 3 17:55 . drwxr-xr-x 45 root root 1380 Dec 3 17:55 .. -rw-r--r-- 1 root root 7 Dec 3 17:55 nginx.pid
Thank you in advance for your help.
Note:
See TracTickets
for help on using tickets.
The warning you are seeing suggests that nginx is started under non-root user. Failure to open
/run/nginx/nginx.pidsuggests the same. So, basically, the question is how it happens that nginx is started under non-root user in your configuration, and why nginx still works for you despite the fatal error.Are you sure you are seeing relevant logs as a result of starting nginx via systemd, and not manually? Could you reproduce it, and how? Which package you are using - it seems to be neither one from Ubuntu 22.04 nor the one from nginx.org? What's in the relevant systemd unit file (output of
systemctl cat nginx.servicemight be helpful)?