Opened 11 years ago

Closed 8 years ago

#361 closed defect (worksforme)

user directive is honored incorrectly in nginx.conf

Reported by: Hakan Bayındır Owned by:
Priority: minor Milestone:
Component: nginx-core Version: 1.2.x
Keywords: Cc:
uname -a: Linux git 3.2.0-4-amd64 #1 SMP Debian 3.2.41-2 x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.2.1
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-log-path=/var/log/nginx/access.log --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --with-pcre-jit --with-debug --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_realip_module --with-http_stub_status_module --with-http_ssl_module --with-http_sub_module --with-http_xslt_module --with-ipv6 --with-sha1=/usr/include/openssl --with-md5=/usr/include/openssl --with-mail --with-mail_ssl_module --add-module=/tmp/buildd/nginx-1.2.1/debian/modules/nginx-auth-pam --add-module=/tmp/buildd/nginx-1.2.1/debian/modules/nginx-echo --add-module=/tmp/buildd/nginx-1.2.1/debian/modules/nginx-upstream-fair --add-module=/tmp/buildd/nginx-1.2.1/debian/modules/nginx-dav-ext-module

Description

nginx is incorrectly honoring user directive in the configuration file. When only user is given, nginx runs under nobody group. Documents state that, it should use the group, with the same name as the user. This issue may only be present for fastcgi & cgi.

Details:
I'm running a Debian stable server with fcgiwrap & nginx. fcgiwrap is set to run under www-data:www-data and nginx set to www-data user via "user www-data;" directive. I've set up gitweb for repository displaying. To set up I added www-data to git group and set up gitweb. But gitweb got file access errors without any log entry or trace. After changing user directive to "user www-data www-data;" and restarting nginx, problem vanished. Documents[1] state that the second www-data shouldn't be necessary in normal cases. Maybe some parts of the code doesn't interpret the directive as they should.

[1]http://wiki.nginx.org/CoreModule#user

Change History (1)

comment:1 by Maxim Dounin, 8 years ago

Resolution: worksforme
Status: newclosed

If second parameter of the user directive is not specified, first one is used instead. Documentation is perfectly correct here. Likely the root cause of the problem observed was elsewhere.

Note: See TracTickets for help on using tickets.