I'm running the nginx web server on my DMZ servers. It has the ability to run the master process as root and the workers as a non-root user. All logs, pid file, etc. are written by the master process. I was thinking of redirecting port 80 traffic to a non-privileged port via pf and running the nginx master and worker procs as a non-root user.

Would there be more security in this configuration?

The only downside I can think of is that if a worker proc is compromised, the log files could be as well. Other than that, it seems more secure to avoid running as root, especially third-party apps. Am I missing something?

-pachl
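
The layout described in the message above, as an added example that is not part of the original post: a pf redirect plus an nginx configuration started entirely as an unprivileged user, with logs sent to syslog to address the log-tampering downside the message raises. OpenBSD pf syntax, the `egress` interface group, port 8080 and the `/var/nginx-unpriv` directory are assumptions made for this example.

```conf
# ---- pf.conf (OpenBSD pf syntax assumed) ----
# Redirect inbound HTTP to the unprivileged port nginx binds to.
# The "egress" group and port 8080 are assumptions for this example.
pass in on egress inet proto tcp to port 80 rdr-to 127.0.0.1 port 8080

# ---- nginx.conf, started directly as an unprivileged user ----
# No "user" directive: nginx ignores it unless the master runs as root.
# /var/nginx-unpriv is a hypothetical directory owned by that user.
pid /var/nginx-unpriv/nginx.pid;

# Log through syslog instead of files owned by the nginx user, so a
# compromised worker cannot truncate or rewrite entries already recorded.
error_log syslog:server=unix:/dev/log,tag=nginx warn;

events { }

http {
    access_log syslog:server=unix:/dev/log,tag=nginx,severity=info combined;

    # The compiled-in temp paths may not be writable by a non-root master,
    # so point them at a directory the unprivileged user owns.
    client_body_temp_path /var/nginx-unpriv/tmp/client_body;
    proxy_temp_path       /var/nginx-unpriv/tmp/proxy;
    fastcgi_temp_path     /var/nginx-unpriv/tmp/fastcgi;

    server {
        # Must match the rdr-to target in pf.conf above.
        listen 127.0.0.1:8080;
        server_name _;
        root /var/www/htdocs;   # served content stays read-only to this user
    }
}
```

A port above 1023 can be bound by any local account, so this layout assumes there are no other untrusted local users on the host.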
