Hi, On Sun, Jul 16, 2017, at 00:45, Viaduct Lists wrote: > > My point was that you can start the service as root, or set the user to > root in nginx.conf. It’s confusing. Two ways. If I’m deliberately > starting the service as root, why would I need to set the config file to > indicate so? > > Second, setting the nginx.conf directive to user root, whilst using the > default www user as startup, only coughs up an error indicating the > directive was ignored. > > A lot of this makes little sense. >
Only root can create process of different user id so the directive only works for root. It doesn't work for non-root users. nginx will ignore it if it exists because it will not work. It's operating system level security, not nginx. You don't want non-root user to be able to create process under different user id, do you? The reason the option exist is, in many operating systems, only root user can bind to port <1024 (including port 80 and 443 used for http/https) so nginx must be started by root to be able to listen to those ports. But as previously mentioned, doing everything else as root is considered security risk so nginx provides `user` directive to limit codes run by root and thus reduces security risk. 1. root starts nginx 2. nginx parses config, creates master process, binds to port 80, etc as root 3. nginx creates worker processes under different user id according to user directive #3 is only possible if nginx is run as root. Otherwise nginx will just create the processes as the same user running the master process. > > So the only way around this as I see it is to start up as root, because > I’ve tried absolutely everything, and nothing is getting rid of this > nginx.pid permissions error. > > OK then. > You can either chown the nginx.pid to your user, make it writable by your user (chgrp + chown) or point it to other directory your user own (there is `pid` directive [1] to set it). [1] https://nginx.org/r/pid _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
