Welcome! Log In Create A New Profile

Re: Nginx does not re-open log files on SIGUSR1.

Forum List Message List New Topic Print View

Piotr Karbowski

January 03, 2011 09:46AM

On 01/03/2011 03:25 PM, Piotr Sikora wrote:
> Hi,
>
>> Any reason to?
>
> Yes, user requires "+x" permission to the directory in order to be able
> to open any file(s) inside it. Google/Bing/whatever for "unix
> permissions", this is as simple as it gets.

This is what I mean by 'exec will allow only chdir there'. With X you
can access dir content and depends on files rights, you can read them
etc. Mental shortcut.

>> Nginx works for me flawless on each box with 700 root:root on
>> /var/log/nginx, the only problem I found is SIGUSR1, Whatever you
>> agree with me or not, nginx shoudn't need perms on its logs dir,
>> because it will allow users to use symlink to fetch logs.
>
> This is because:
> - on start and reload - master process opens log files before fork() and
> worker processes only inherit them,
> - on reopen - all processes need to open logs, so workers also need
> permission to open log files.

Well ok, I understand [now] why it is needed (perms that is). However
security issue still remains which in my opinion should be addressed as
bug and fixed, can you agree with me?

-- Piotr.

_______________________________________________
nginx mailing list
nginx@nginx.org
http://nginx.org/mailman/listinfo/nginx

Reply Quote

RSS

Subject	Author	Posted
Nginx does not re-open log files on SIGUSR1.	Piotr Karbowski	January 03, 2011 05:50AM
Re: Nginx does not re-open log files on SIGUSR1.	Piotr Sikora	January 03, 2011 06:42AM
Re: Nginx does not re-open log files on SIGUSR1.	Gena Makhomed	January 03, 2011 07:04AM
Re: Nginx does not re-open log files on SIGUSR1.	Piotr Sikora	January 03, 2011 07:22AM
Re: Nginx does not re-open log files on SIGUSR1.	Gena Makhomed	January 03, 2011 08:02AM
Re: Nginx does not re-open log files on SIGUSR1.	Piotr Sikora	January 03, 2011 08:14AM
Re: Nginx does not re-open log files on SIGUSR1.	John Feuerstein	January 03, 2011 09:00AM
Re: Nginx does not re-open log files on SIGUSR1.	Piotr Sikora	January 03, 2011 09:18AM
Re: Nginx does not re-open log files on SIGUSR1.	John Feuerstein	January 03, 2011 10:24AM
Re: Nginx does not re-open log files on SIGUSR1.	Piotr Sikora	January 03, 2011 10:38AM
Re: Nginx does not re-open log files on SIGUSR1.	Gena Makhomed	January 03, 2011 11:24AM
Re: Nginx does not re-open log files on SIGUSR1.	Gena Makhomed	January 03, 2011 11:06AM
Re: Nginx does not re-open log files on SIGUSR1.	Piotr Karbowski	January 03, 2011 07:52AM
Re: Nginx does not re-open log files on SIGUSR1.	Piotr Sikora	January 03, 2011 07:56AM
Re: Nginx does not re-open log files on SIGUSR1.	Gena Makhomed	January 03, 2011 08:20AM
Re: Nginx does not re-open log files on SIGUSR1.	Piotr Karbowski	January 03, 2011 09:08AM
Re: Nginx does not re-open log files on SIGUSR1.	Piotr Sikora	January 03, 2011 09:12AM
Re: Nginx does not re-open log files on SIGUSR1.	Piotr Karbowski	January 03, 2011 09:20AM
Re: Nginx does not re-open log files on SIGUSR1.	Piotr Sikora	January 03, 2011 09:28AM
Re: Nginx does not re-open log files on SIGUSR1.	Piotr Karbowski	January 03, 2011 09:46AM
Re: Nginx does not re-open log files on SIGUSR1.	Piotr Sikora	January 03, 2011 10:50AM
Re: Nginx does not re-open log files on SIGUSR1.	Gena Makhomed	January 03, 2011 10:52AM
Re: Nginx does not re-open log files on SIGUSR1.	Piotr Sikora	January 03, 2011 12:08PM
Re: Nginx does not re-open log files on SIGUSR1.	Gena Makhomed	January 03, 2011 12:46PM
Re: Nginx does not re-open log files on SIGUSR1.	Piotr Sikora	January 03, 2011 01:10PM
Re: Nginx does not re-open log files on SIGUSR1.	Piotr Karbowski	January 03, 2011 03:40PM
Re: Nginx does not re-open log files on SIGUSR1.	Piotr Sikora	January 04, 2011 04:22AM
Re: Nginx does not re-open log files on SIGUSR1.	Gena Makhomed	January 03, 2011 12:46PM

Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 264

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018