Hello!

On Tue, Oct 25, 2016 at 04:45:34PM +0200, Daniel Aubry wrote:

[...]

> I do have several nginx inscances on one Server, they all run as a
> different users.
>
> There is one main nginx instance which runs as the user www-data.
>
> *_temp_path is set to a different location for all nginx instances
> excluding the main instance. The main www-data instance is still
> using /var/lib/nginx.
>
> Configuration example for custom temp dirs:
> ================================================================
> fastcgi_temp_path /var/www/vhosts/XYZ/tmp/nginx/fcgi;
> scgi_temp_path /var/www/vhosts/XYZ/tmp/nginx/scgi;
> uwsgi_temp_path /var/www/vhosts/XYZ/tmp/nginx/wsgi;
> client_body_temp_path /var/www/vhosts/XYZ/tmp/nginx/body;
> proxy_temp_path /var/www/vhosts/XYZ/tmp/nginx/proxy;
> ================================================================
>
> Now, let's restart the main nginx. You can see that all
> files/directories in /var/lib/nginx are owned by www-data:www-data:
> ================================================================
> root@xxxx-web-03:/var/log/nginx# systemctl restart nginx.service
> root@xxxx-web-03:/var/log/nginx# ls -la /var/lib/nginx
> total 28
> drwxr-xr-x 7 www-data www-data 4096 Oct 25 15:45 .
> drwxr-xr-x 43 root root 4096 Oct 6 15:15 ..
> drwx------ 2 www-data www-data 4096 Oct 25 15:03 body
> drwx------ 2 www-data www-data 4096 Oct 6 14:43 fastcgi
> drwx------ 9 www-data www-data 4096 Oct 25 10:18 proxy
> drwx------ 2 www-data www-data 4096 Oct 6 14:43 scgi
> drwx------ 2 www-data www-data 4096 Oct 6 14:43 uwsgi
> ================================================================
>
> After restarting nginx-XYZ.service, all files/directories are owned by XYZ:
> ================================================================
> root@xxxx-web-03:/var/log/nginx# systemctl restart nginx-XYZ.service
> root@xxxx-web-03:/var/log/nginx# ls -la /var/lib/nginx
> total 28
> drwxr-xr-x 7 www-data www-data 4096 Oct 25 15:45 .
> drwxr-xr-x 43 root root 4096 Oct 6 15:15 ..
> drwx------ 2 XYZ www-data 4096 Oct 25 15:03 body
> drwx------ 2 XYZ www-data 4096 Oct 6 14:43 fastcgi
> drwx------ 9 XYZ www-data 4096 Oct 25 10:18 proxy
> drwx------ 2 XYZ www-data 4096 Oct 6 14:43 scgi
> drwx------ 2 XYZ www-data 4096 Oct 6 14:43 uwsgi
> root@xxxx-web-03:/var/log/nginx#
> ================================================================
>
> I can't find the string /var/lib/nginx in any nginx Configuration file on the system:
> ================================================================
> root@xxxx-web-03:/var/log/nginx# grep -r "/var/lib/nginx" /etc/nginx-XYZ/
> root@xxxx-web-03:/var/log/nginx# grep -r "/var/lib/nginx" /etc/nginx/
> root@xxxx-web-03:/var/log/nginx#
> ================================================================
>
> I can set all *_temp_path directories of the www-data nginx to an other direcory,
> this is my current workaround for this issue. But i believe that the nginx shouldn't
> touch /var/lib/ngin/* if this directory isn't in the configuration file.
>
> Any idea? Should i open a bug?

Make sure to define temp paths in all servers, or, better yet, at
http{} level. If you don't redefine them in some context, nginx
will use the default paths compiled in, resulting in the behaviour
you've observed.

That is, something like this will work correctly, without touching
compiled-in client_body_temp:

http {
server {
listen 8080;
client_body_temp_path /path/to/client_body_temp;
}
}

But the configuration below will use both configured and
compiled-in client_body_temp:

http {
server {
listen 8080;
client_body_temp_path /path/to/client_body_temp;
}

server {
listen 8081;
}
}

As previously suggested, best solution is to set relevant
directives at http{} level:

http {
client_body_temp_path /path/to/client_body_temp;

server {
listen 8080;
}

server {
listen 8081;
}
}

--
Maxim Dounin
http://nginx.org/

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx