Opened 10 years ago

Last modified 10 years ago

#617 new enhancement

Add secondary groups configuration option in nginx user conf directive

Reported by: Vivien Leroy Owned by:
Priority: minor Milestone:
Component: nginx-core Version: 1.7.x
Keywords: groups, user, permissions Cc:
uname -a: Linux archlinux 3.14.0-4-ARCH #1 SMP PREEMPT Wed Apr 9 21:11:25 CEST 2014 x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.6.1
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --conf-path=/etc/nginx/nginx.conf --sbin-path=/usr/bin/nginx --pid-path=/run/ --lock-path=/run/lock/nginx.lock --user=http --group=http --http-log-path=/var/log/nginx/access.log --error-log-path=stderr --http-client-body-temp-path=/var/lib/nginx/client-body --http-proxy-temp-path=/var/lib/nginx/proxy --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-imap --with-imap_ssl_module --with-ipv6 --with-pcre-jit --with-file-aio --with-http_dav_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_realip_module --with-http_spdy_module --with-http_ssl_module --with-http_stub_status_module --with-http_addition_module --with-http_degradation_module --with-http_flv_module --with-http_mp4_module --with-http_secure_link_module --with-http_sub_module


Would be great if we could specify secondary groups as 3rd to nth arguments in the user directive of conf files.
This would use setgroups() I suppose.

Change History (2)

comment:1 by is, 10 years ago

Worker processes calls initgroups(user, group) so you can add the user to required groups.

comment:2 by Vivien Leroy, 10 years ago

Strange, I used "User http http" and "http" user has "http" as primary group and "git" as secondary group but with this config nginx couldn't read files with permissions git:git - rwxr-xr-x

I will try again.

Note: See TracTickets for help on using tickets.