Hello!

On Fri, Sep 14, 2018 at 03:52:03AM -0400, orsolya.magos wrote:

> we use nginx which load-balances toward our snmptrapd. Everything is working
> fine if we start nginx with root. We would like to change it so nginx
> (workers) would start with nginx user. I couldn't make it work, do you have
> any idea what additional thing can I set/check?
>
> nginx -V
> nginx version: nginx/1.12.2
> built by gcc 4.8.5 20150623 (Red Hat 4.8.5-16) (GCC)

Update to nginx 1.13.8+, it should be able to use transparent
proxying on Linux without workers being run as root:

*) Feature: now nginx automatically preserves the CAP_NET_RAW capability
in worker processes when using the "transparent" parameter of the
"proxy_bind", "fastcgi_bind", "memcached_bind", "scgi_bind", and
"uwsgi_bind" directives.

Alternatively, consider not using "proxy_bind ... transparent".
See docs here for additional details:

http://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_bind

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx