Hi Terry,

> > But Jon meant the user that nginx runs as when processing incoming
> > HTTP requests, e.g. `www-data'.  This is done so an error in nginx,
> > or in code you ask it to run, has limited access rights when it goes
> > haywire, or is exploited by an attacker.
> 
> Hmm.  I think I understand.

If I can use Firefox to execute any command line I like on your Pi
through nginx then better they run as www-data rather than terry or root
because www-data is only being used for web serving, not your household
accounts, or setting user passwords.

> >     $ ps o user,uid,pid,ppid,command `pidof nginx`
> >     USER       UID   PID  PPID COMMAND
> >     root         0  3381     1 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
> >     www-data    33  3383  3381 nginx: worker process
> >     www-data    33  3384  3381 nginx: worker process
> >     www-data    33 13213  3381 nginx: worker process
> >     $
>
> I wouldn't have known how to identify the user that nginx runs as
> other than looking in top.  That said 'root'.

Yes, nginx is started as root because it needs to listen on TCP port 80
as that's allocated for HTTP requests, and the low numbered ports need
root access.  But the child processes it forks to do work that don't
require root privileges change their UID to www-data.  You can see that
in the ps(1) output above, and follow the PPID, parent PID, column to
the PID one.

> > >     http://hadrian-way.co.uk/Audio_Guide/audio_guide.html
> > >     http://hadrian-way.co.uk/Kiddies_Quiz/index.html
> 
> To clarify; I can surf to the Audio Guide or the Kiddies Quiz, by
> typing in the links I gave you to my own webserver and it works.  On
> the Raspberry Pi they didn't, even when the code (meaning directory
> names) was identical to that on my domain.  When I shortened the
> directory names (and changed the Audio Guide html page to index.html),
> everything worked.
> 
> So the question is why is it OK on my website and not on the Pi?

In both cases you're surfing, and typing underscore, into your phone?

Try, as root on the server, e.g. `sudo -i',

    cd /var/www/html
    mkdir x y_z
    echo x here >x/t.txt
    echo y_z here >y_z/t.txt

You should be able to access those from Linux with

    $ curl -sS http://FIXME/{x,y_z}/t.txt
    x here
    y_z here
    $

Then also try your phone.

There's also /var/log/nginx to look at if you can re-create the original
problem, e.g. moving the directory names back.

Cheers, Ralph.

-- 
Next meeting:  Bournemouth, Tuesday, 2017-03-07 20:00
Meets, Mailing list, IRC, LinkedIn, ...  http://dorset.lug.org.uk/
New thread:  mailto:[email protected] / CHECK IF YOU'RE REPLYING
Reporting bugs well:  http://goo.gl/4Xue     / TO THE LIST OR THE AUTHOR
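
The privilege check read off the ps(1) listing in the message above can be scripted. This is an added example, not part of the original message: the function name `audit_nginx_ps` and the second sample listing are constructed for illustration, and it assumes the same `user,uid,pid,ppid,command` column order.

```shell
#!/bin/sh
# Added example. Audits `ps o user,uid,pid,ppid,command` output on stdin.
# Exit status: 0 = all workers unprivileged, 1 = findings, 2 = no workers seen.
audit_nginx_ps() {
    awk '
        $5 == "nginx:" && $6 == "master" { master[$3] = 1 }
        $5 == "nginx:" && $6 == "worker" {
            n++; uid[n] = $2; pid[n] = $3; ppid[n] = $4
        }
        END {
            if (n == 0) exit 2
            bad = 0
            for (i = 1; i <= n; i++) {
                if (uid[i] == "0") {
                    printf "PID %s: worker runs as root\n", pid[i]
                    bad = 1
                }
                if (!(ppid[i] in master)) {
                    printf "PID %s: parent %s is not an nginx master\n", pid[i], ppid[i]
                    bad = 1
                }
            }
            exit bad
        }'
}

# Healthy listing, taken from the ps output quoted in the message.
sample_ok() {
    cat <<'EOF'
USER       UID   PID  PPID COMMAND
root         0  3381     1 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
www-data    33  3383  3381 nginx: worker process
www-data    33  3384  3381 nginx: worker process
EOF
}

# Constructed listing: one worker kept root, one is not a child of the master.
sample_bad() {
    cat <<'EOF'
USER       UID   PID  PPID COMMAND
root         0  3381     1 nginx: master process /usr/sbin/nginx
www-data    33  3383  3381 nginx: worker process
root         0  3384  3381 nginx: worker process
www-data    33  4000     1 nginx: worker process
EOF
}

# Live use: ps o user,uid,pid,ppid,command $(pidof nginx) | audit_nginx_ps
```

A non-zero exit status makes it usable from cron or a monitoring check; status 2 keeps an empty listing from being reported as clean.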