Changes between Initial Version and Version 1 of Ticket #376


Ignore:
Timestamp:
06/14/13 11:57:31 (12 years ago)
Author:
Maxim Dounin
Comment:

Current behaviour is as follows:

  • Do not attempt to do anything with logs ownership/permissions on normal startup.
  • Chown logs to a user nginx is configured to run workers on logfile quick reopen signal (USR1).

This allows to use any permissions desired as long as logfile quick reopen isn't used (e.g., full configuration reload is used instead), and ensures logfile quick reopen works as currently implemented. While ownership change after USR1 might be a bit surprising for unfamiliar users, it is believed to be better than unconditional ownership change in any case. The need of execute bit on a log directory doesn't looks like a problem, too (note that read access isn't needed). If you are paranoid enough, you can use full configuration reload instead.

On the other hand, passing opened file descriptors from a master process is certainly better approach on platforms which support it, mostly because it needs less configuration. It is planned enhancement for a long time, let this ticket sit in trac as a reminder.

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #376

    • Property Summary Inconsistent log file handlinglog file reopen should pass opened fd from master process
    • Property Type defectenhancement
  • Ticket #376 – uname -a

    initial v1  
    1 Linux storm 3.9.0-gentoo #1 SMP PREEMPT Tue May 7 21:57:22 CEST 2013 x86_64 Intel(R) Core(TM) i7 CPU Q 820 @ 1.73GHz GenuineIntel GNU/Linux
     1n/a
  • Ticket #376 – nginx -V

    initial v1  
    1 nginx version: nginx/1.4.1
    2 TLS SNI support enabled
    3 configure arguments: --prefix=/usr --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error_log --pid-path=/run/nginx.pid --lock-path=/run/lock/nginx.lock --with-cc-opt=-I/usr/include --with-ld-opt=-L/usr/lib --http-log-path=/var/log/nginx/access_log --http-client-body-temp-path=//var/lib/nginx/tmp/client --http-proxy-temp-path=//var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=//var/lib/nginx/tmp/fastcgi --http-scgi-temp-path=//var/lib/nginx/tmp/scgi --http-uwsgi-temp-path=//var/lib/nginx/tmp/uwsgi --with-file-aio --with-aio_module --with-debug --with-ipv6 --with-pcre --with-pcre-jit --add-module=/var/tmp/paludis/www-servers-nginx-1.4.1-r5/work/nginx_syslog_patch-0.25 --with-http_addition_module --with-http_dav_module --with-http_degradation_module --with-http_flv_module --with-http_geoip_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_perl_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_spdy_module --with-http_stub_status_module --with-http_sub_module --with-http_xslt_module --with-http_realip_module --add-module=/var/tmp/paludis/www-servers-nginx-1.4.1-r5/work/nginx-upload-progress-module-0.9.0 --add-module=/var/tmp/paludis/www-servers-nginx-1.4.1-r5/work/headers-more-nginx-module-0.20 --add-module=/var/tmp/paludis/www-servers-nginx-1.4.1-r5/work/nginx_http_push_module-0.692 --add-module=/var/tmp/paludis/www-servers-nginx-1.4.1-r5/work/ngx_cache_purge-2.1 --add-module=/var/tmp/paludis/www-servers-nginx-1.4.1-r5/work/ngx_slowfs_cache-1.10 --add-module=/var/tmp/paludis/www-servers-nginx-1.4.1-r5/work/ngx-fancyindex-fd3950172a9e6595ad9ec68c11600e2afe6a2674 --add-module=/var/tmp/paludis/www-servers-nginx-1.4.1-r5/work/ngx_devel_kit-0.2.18 --add-module=/var/tmp/paludis/www-servers-nginx-1.4.1-r5/work/lua-nginx-module-0.8.1 --add-module=/var/tmp/paludis/www-servers-nginx-1.4.1-r5/work/nginx_upstream_check_module-99f39394f387211641a1668d61faf2d5186ea1f5 --add-module=/var/tmp/paludis/www-servers-nginx-1.4.1-r5/work/ngx_metrics-0.1.1 --add-module=/var/tmp/paludis/www-servers-nginx-1.4.1-r5/work/naxsi-core-0.50/naxsi_src --add-module=/var/tmp/paludis/www-servers-nginx-1.4.1-r5/work/nginx-rtmp-module-0.9.20 --add-module=/var/tmp/paludis/www-servers-nginx-1.4.1-r5/work/nginx-dav-ext-module-0.0.2 --with-http_ssl_module --with-mail --with-mail_ssl_module --user=nginx --group=nginx
     1n/a