I have compiled the latest version of nginx (0.8.32) with support for Phusion Passenger (Ruby Enterprise Edition 1.8.7-2010.01), and I am trying to verify that user-switching is working properly, but it appears that the worker processes are staying as the user defined at the top of the nginx.conf ("user nginx" in my case). My Rails file tree is owned by "user01", so shouldn't user switching run the code as "user01" instead of "nginx"? For my test, the site renders properly if you CHMOD the files to 777 or if you change the workers to run as "root", however if the files are chmod 700 (owned by "user01") then nginx gives me a 403 Forbidden error, which makes me think it is still running as user "nginx" which doesn't have access to the files.
Am I not understanding how this is supposed to work? Thanks.
Here is my conf file in case it helps:
user nginx;
worker_processes 6;
events
{
worker_connections 1024;
}
http
{
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log off;
error_log off;
sendfile on;
tcp_nopush on;
tcp_nodelay off;
keepalive_timeout 5;
passenger_root /usr/local/ruby-enterprise-1.8.7-2010.01/lib/ruby/gems/1.8/gems/passenger-2.2.9;
passenger_ruby /usr/local/bin/ruby;
gzip on;
gzip_static on;
gzip_proxied any;
gzip_vary on;
gzip_disable "MSIE [1-6]\.";
gzip_http_version 1.1;
gzip_min_length 1100;
gzip_comp_level 2;
gzip_types text/plain text/css text/xml application/x-javascript application/pdf application/xml application/xhtml+xml application/xml+rss text/javascript;
server
{
listen * default;
server_name _;
access_log /var/log/nginx/domain.com-access.log main;
error_log /var/log/nginx/domain.com-error.log debug;
root /var/www/user01/domain.com/public;
index index.php index.html index.htm;
large_client_header_buffers 4 8k;
location ~* ^.+.(jpg|jpeg|gif|css|png|js|ico)$
{
access_log off;
expires 30d;
}
location /
{
passenger_enabled on;
rails_spawn_method smart;
}
}
}