Hi all I'm using nginx-full 1.10.2-1~dotdeb+8.1 from dotdeb.org on Debian.
nginx -V nginx version: nginx/1.10.2 built with OpenSSL 1.0.1t 3 May 2016 TLS SNI support enabled configure arguments: --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-file-aio --with-threads --with-http_addition_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_secure_link_module --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic --with-mail_ssl_module --add-dynamic-module=/usr/src/builddir/debian/modules/nginx-auth-pam --add-module=/usr/src/builddir/debian/modules/nginx-dav-ext-module --add-module=/usr/src/builddir/debian/modules/nginx-echo --add-module=/usr/src/builddir/debian/modules/nginx-upstream-fair --add-module=/usr/src/builddir/debian/modules/ngx_http_substitutions_filter_module --add-module=/usr/src/builddir/debian/modules/nginx-cache-purge --add-module=/usr/src/builddir/debian/modules/ngx_http_pinba_module --add-module=/usr/src/builddir/debian/modules/nginx-x-rid-header --with-ld-opt=-lossp-uuid I do have several nginx inscances on one Server, they all run as a different users. There is one main nginx instance which runs as the user www-data. *_temp_path is set to a different location for all nginx instances excluding the main instance. The main www-data instance is still using /var/lib/nginx. Configuration example for custom temp dirs: ================================================================ fastcgi_temp_path /var/www/vhosts/XYZ/tmp/nginx/fcgi; scgi_temp_path /var/www/vhosts/XYZ/tmp/nginx/scgi; uwsgi_temp_path /var/www/vhosts/XYZ/tmp/nginx/wsgi; client_body_temp_path /var/www/vhosts/XYZ/tmp/nginx/body; proxy_temp_path /var/www/vhosts/XYZ/tmp/nginx/proxy; ================================================================ Now, let's restart the main nginx. You can see that all files/directories in /var/lib/nginx are owned by www-data:www-data: ================================================================ root@xxxx-web-03:/var/log/nginx# systemctl restart nginx.service root@xxxx-web-03:/var/log/nginx# ls -la /var/lib/nginx total 28 drwxr-xr-x 7 www-data www-data 4096 Oct 25 15:45 . drwxr-xr-x 43 root root 4096 Oct 6 15:15 .. drwx------ 2 www-data www-data 4096 Oct 25 15:03 body drwx------ 2 www-data www-data 4096 Oct 6 14:43 fastcgi drwx------ 9 www-data www-data 4096 Oct 25 10:18 proxy drwx------ 2 www-data www-data 4096 Oct 6 14:43 scgi drwx------ 2 www-data www-data 4096 Oct 6 14:43 uwsgi ================================================================ After restarting nginx-XYZ.service, all files/directories are owned by XYZ: ================================================================ root@xxxx-web-03:/var/log/nginx# systemctl restart nginx-XYZ.service root@xxxx-web-03:/var/log/nginx# ls -la /var/lib/nginx total 28 drwxr-xr-x 7 www-data www-data 4096 Oct 25 15:45 . drwxr-xr-x 43 root root 4096 Oct 6 15:15 .. drwx------ 2 XYZ www-data 4096 Oct 25 15:03 body drwx------ 2 XYZ www-data 4096 Oct 6 14:43 fastcgi drwx------ 9 XYZ www-data 4096 Oct 25 10:18 proxy drwx------ 2 XYZ www-data 4096 Oct 6 14:43 scgi drwx------ 2 XYZ www-data 4096 Oct 6 14:43 uwsgi root@xxxx-web-03:/var/log/nginx# ================================================================ I can't find the string /var/lib/nginx in any nginx Configuration file on the system: ================================================================ root@xxxx-web-03:/var/log/nginx# grep -r "/var/lib/nginx" /etc/nginx-XYZ/ root@xxxx-web-03:/var/log/nginx# grep -r "/var/lib/nginx" /etc/nginx/ root@xxxx-web-03:/var/log/nginx# ================================================================ I can set all *_temp_path directories of the www-data nginx to an other direcory, this is my current workaround for this issue. But i believe that the nginx shouldn't touch /var/lib/ngin/* if this directory isn't in the configuration file. Any idea? Should i open a bug? Best Regards Daniel _______________________________________________ nginx mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx
