Re: [PATCH] Start use capabilities on linux

March 18, 2009 02:30AM
On Wed, Mar 18, 2009 at 04:23:48AM +0300, Maxim Dounin wrote:

> Hello!
>
> On Wed, Mar 18, 2009 at 12:36:47AM +0300, Kirill A. Korinskiy wrote:
>
> > From: Kirill A. Korinskiy <catap@catap.ru>
> >
> > nginx requires privileged mode only in the master process and only to bind
> > ports <1024. On Linux a process can bind ports <1024 in non-privileged
> > mode if the process does capset(CAP_NET_BIND_SERVICE).
>
> Note that using root for the master process is needed not only for
> bind(), but also to access restricted configuration files (e.g.
> private keys) during reconfiguration. So dropping root from the
> master should be at least configurable.
>
> It's also not clear what will happen on binary upgrade. It looks
> like with the current code capabilities will be lost on exec() and the
> upgraded binary won't be able to bind() privileged ports anymore.
> But I'm not really familiar with the Linux capabilities interface, so I
> may be wrong.
>
> Not even mentioning you are dropping root before writing pidfile.
> :)

Root privileges are also required to rotate logs if they are in
directories where workers cannot write: the master opens the files and
chown/chmod()s them.

> Also there are a couple of unrelated changes and some whitespace
> damage/style violations, but it doesn't really matter.
>
> Maxim Dounin


--
Igor Sysoev
http://sysoev.ru/en/
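As an added illustration (not code from Kirill's patch, which is not reproduced on this page), the following C program does what the patch description proposes: it drops the master process from root to an unprivileged uid while keeping only CAP_NET_BIND_SERVICE, then reads CapEff back from /proc/self/status to verify what was actually kept. The uid/gid 65534 and the use of the raw capset syscall are my assumptions; the comment on the inheritable set is where Maxim's exec() concern shows up in the code.

```c
#define _GNU_SOURCE
#include <linux/capability.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Drop root to uid/gid, keeping only CAP_NET_BIND_SERVICE in the permitted and
 * effective sets (raw capset syscall, so no libcap is needed). 0 on success, -1 + errno. */
static int drop_root_keep_bind(uid_t uid, gid_t gid)
{
    struct __user_cap_header_struct hdr = { _LINUX_CAPABILITY_VERSION_3, 0 };
    struct __user_cap_data_struct data[2] = { { 0 } };
    /* Without KEEPCAPS, setuid() away from 0 would clear the permitted set. */
    if (prctl(PR_SET_KEEPCAPS, 1, 0, 0, 0) == -1) return -1;
    if (setgid(gid) == -1 || setuid(uid) == -1) return -1;
    data[0].permitted = data[0].effective = 1u << CAP_NET_BIND_SERVICE;
    /* inheritable stays 0, so the capability is lost on execve(): the binary-upgrade
     * problem Maxim raises. Surviving an exec needs file capabilities on the new
     * binary (setcap) or, on Linux 4.3+, the ambient set. */
    if (syscall(SYS_capset, &hdr, data) == -1) return -1;
    return prctl(PR_SET_KEEPCAPS, 0, 0, 0, 0);
}

/* Parse the hex mask of a "CapXxx:" line from /proc/<pid>/status. */
static unsigned long long parse_cap_line(const char *line)
{
    const char *p = strchr(line, ':');
    return p ? strtoull(p + 1, NULL, 16) : 0ULL;
}
static int cap_in_mask(unsigned long long mask, int cap) { return (int)((mask >> cap) & 1ULL); }
/* Read the effective set back from the kernel to verify what was actually kept. */
static unsigned long long effective_caps(void)
{
    char line[128]; unsigned long long mask = 0;
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) return 0;
    while (fgets(line, sizeof line, f))
        if (!strncmp(line, "CapEff:", 7)) { mask = parse_cap_line(line); break; }
    fclose(f); return mask;
}
int main(void)
{   /* 65534 is assumed to be the "nobody" uid/gid; run as root to see the drop. */
    if (drop_root_keep_bind(65534, 65534) == -1) { perror("drop_root_keep_bind"); return 1; }
    printf("uid=%u CAP_NET_BIND_SERVICE effective=%d\n", (unsigned)getuid(),
           cap_in_mask(effective_caps(), CAP_NET_BIND_SERVICE));
    return 0;
}
```

Note that this only covers the bind() case; the pidfile, private-key and log-rotation needs discussed above still require either root in the master or further capabilities such as CAP_CHOWN and CAP_DAC_READ_SEARCH.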