Welcome! Log In Create A New Profile

Re: Nginx does not re-open log files on SIGUSR1.

Forum List Message List New Topic Print View

Gena Makhomed

January 03, 2011 08:20AM

On 03.01.2011 14:49, Piotr Karbowski wrote:

> I was able to 'fix' it, which is more like workaround than a real fix,
> by adding permissions for nginx user to /var/log/nginx.
>
> Before I had 700 root:root on /var/log/nginx because I am a little
> paranoid and I saw no real reason to add workers there since master
> process, running as root, is writting there.
>
> After changing owner to nginx, nginx is able re-open logs after SIGUSR1.

master process running as root open/write files in /var/log/nginx
- if nginx user have write permissions to this directory,
700 nginx:nginx - such setup is vulnerable by symlink attack

better approach set permissions 750 root:nginx /var/log/nginx

or 750 root:www-logs /var/log/nginx and add user nginx to group www-logs

> Looks like rotated empty logs have root:root 600 perms, maybe it is the
> problem?

show your logrotate config for nginx log files.

> But again, I think master write there, not workers.

nginx workers also write to log files.

--
Best regards,
Gena

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
Nginx does not re-open log files on SIGUSR1.	Piotr Karbowski	January 03, 2011 05:50AM
Re: Nginx does not re-open log files on SIGUSR1.	Piotr Sikora	January 03, 2011 06:42AM
Re: Nginx does not re-open log files on SIGUSR1.	Gena Makhomed	January 03, 2011 07:04AM
Re: Nginx does not re-open log files on SIGUSR1.	Piotr Sikora	January 03, 2011 07:22AM
Re: Nginx does not re-open log files on SIGUSR1.	Gena Makhomed	January 03, 2011 08:02AM
Re: Nginx does not re-open log files on SIGUSR1.	Piotr Sikora	January 03, 2011 08:14AM
Re: Nginx does not re-open log files on SIGUSR1.	John Feuerstein	January 03, 2011 09:00AM
Re: Nginx does not re-open log files on SIGUSR1.	Piotr Sikora	January 03, 2011 09:18AM
Re: Nginx does not re-open log files on SIGUSR1.	John Feuerstein	January 03, 2011 10:24AM
Re: Nginx does not re-open log files on SIGUSR1.	Piotr Sikora	January 03, 2011 10:38AM
Re: Nginx does not re-open log files on SIGUSR1.	Gena Makhomed	January 03, 2011 11:24AM
Re: Nginx does not re-open log files on SIGUSR1.	Gena Makhomed	January 03, 2011 11:06AM
Re: Nginx does not re-open log files on SIGUSR1.	Piotr Karbowski	January 03, 2011 07:52AM
Re: Nginx does not re-open log files on SIGUSR1.	Piotr Sikora	January 03, 2011 07:56AM
Re: Nginx does not re-open log files on SIGUSR1.	Gena Makhomed	January 03, 2011 08:20AM
Re: Nginx does not re-open log files on SIGUSR1.	Piotr Karbowski	January 03, 2011 09:08AM
Re: Nginx does not re-open log files on SIGUSR1.	Piotr Sikora	January 03, 2011 09:12AM
Re: Nginx does not re-open log files on SIGUSR1.	Piotr Karbowski	January 03, 2011 09:20AM
Re: Nginx does not re-open log files on SIGUSR1.	Piotr Sikora	January 03, 2011 09:28AM
Re: Nginx does not re-open log files on SIGUSR1.	Piotr Karbowski	January 03, 2011 09:46AM
Re: Nginx does not re-open log files on SIGUSR1.	Piotr Sikora	January 03, 2011 10:50AM
Re: Nginx does not re-open log files on SIGUSR1.	Gena Makhomed	January 03, 2011 10:52AM
Re: Nginx does not re-open log files on SIGUSR1.	Piotr Sikora	January 03, 2011 12:08PM
Re: Nginx does not re-open log files on SIGUSR1.	Gena Makhomed	January 03, 2011 12:46PM
Re: Nginx does not re-open log files on SIGUSR1.	Piotr Sikora	January 03, 2011 01:10PM
Re: Nginx does not re-open log files on SIGUSR1.	Piotr Karbowski	January 03, 2011 03:40PM
Re: Nginx does not re-open log files on SIGUSR1.	Piotr Sikora	January 04, 2011 04:22AM
Re: Nginx does not re-open log files on SIGUSR1.	Gena Makhomed	January 03, 2011 12:46PM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 230

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018