Opened 11 years ago
Closed 9 years ago
#361 closed defect (worksforme)
user directive is honored incorrectly in nginx.conf
| Reported by: | Hakan Bayındır | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | nginx-core | Version: | 1.2.x |
| Keywords: | Cc: | ||
| uname -a: | Linux git 3.2.0-4-amd64 #1 SMP Debian 3.2.41-2 x86_64 GNU/Linux | ||
| nginx -V: |
nginx version: nginx/1.2.1
TLS SNI support enabled configure arguments: --prefix=/etc/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-log-path=/var/log/nginx/access.log --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --with-pcre-jit --with-debug --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_realip_module --with-http_stub_status_module --with-http_ssl_module --with-http_sub_module --with-http_xslt_module --with-ipv6 --with-sha1=/usr/include/openssl --with-md5=/usr/include/openssl --with-mail --with-mail_ssl_module --add-module=/tmp/buildd/nginx-1.2.1/debian/modules/nginx-auth-pam --add-module=/tmp/buildd/nginx-1.2.1/debian/modules/nginx-echo --add-module=/tmp/buildd/nginx-1.2.1/debian/modules/nginx-upstream-fair --add-module=/tmp/buildd/nginx-1.2.1/debian/modules/nginx-dav-ext-module |
||
Description
nginx is incorrectly honoring user directive in the configuration file. When only user is given, nginx runs under nobody group. Documents state that, it should use the group, with the same name as the user. This issue may only be present for fastcgi & cgi.
Details:
I'm running a Debian stable server with fcgiwrap & nginx. fcgiwrap is set to run under www-data:www-data and nginx set to www-data user via "user www-data;" directive. I've set up gitweb for repository displaying. To set up I added www-data to git group and set up gitweb. But gitweb got file access errors without any log entry or trace. After changing user directive to "user www-data www-data;" and restarting nginx, problem vanished. Documents[1] state that the second www-data shouldn't be necessary in normal cases. Maybe some parts of the code doesn't interpret the directive as they should.
If second parameter of the
userdirective is not specified, first one is used instead. Documentation is perfectly correct here. Likely the root cause of the problem observed was elsewhere.