Created attachment 1196011
sample nginx.conf

Description of problem:
Due to configure arguments, a user cannot completely run nginx as a non-root user.

Version-Release number of selected component (if applicable):
nginx 1.6.2

How reproducible:
Always

Steps to Reproduce:
1. Enable Red Hat Software Collections repository
2. Install with "yum install -y nginx16"
3. Use the attached nginx.conf file and run "/opt/rh/nginx16/root/sbin/nginx -c /tmp/nginx.conf" as a non-privileged user.

Actual results:
$ /opt/rh/nginx16/root/sbin/nginx -c /tmp/nginx.conf
nginx: [alert] could not open error log file: open() "/var/log/nginx16/error.log" failed (13: Permission denied)
2016/08/30 12:10:37 [emerg] 13899#0: mkdir() "/opt/rh/nginx16/root/var/lib/nginx/tmp/client_body" failed (13: Permission denied)

Expected results:
nginx should start up, spawn worker processes and begin handling requests.

Additional info:
The error_log option doesn't seem to be overriding the --error-log-path option as it should according to the nginx documentation [1]. Same goes for the --http-proxy-temp-path option.

Here is the nginx -V output:

nginx version: nginx/1.6.2
TLS SNI support enabled
configure arguments: --prefix=/opt/rh/nginx16/root/usr/share/nginx --sbin-path=/opt/rh/nginx16/root/usr/sbin/nginx --conf-path=/opt/rh/nginx16/root/etc/nginx/nginx.conf --error-log-path=/var/log/nginx16/error.log --http-log-path=/var/log/nginx16/access.log --http-client-body-temp-path=/opt/rh/nginx16/root/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/opt/rh/nginx16/root/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/opt/rh/nginx16/root/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/opt/rh/nginx16/root/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/opt/rh/nginx16/root/var/lib/nginx/tmp/scgi --pid-path=/opt/rh/nginx16/root/var/run/nginx/nginx.pid --lock-path=/opt/rh/nginx16/root/var/lock/subsys/nginx --user=nginx --group=nginx --with-file-aio --with-ipv6 --with-http_ssl_module --with-http_spdy_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module --with-http_image_filter_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_stub_status_module --with-mail --with-mail_ssl_module --with-pcre --add-module=./passenger-4.0.50/ext/nginx --with-debug --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic' --with-ld-opt='-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E'

[1] https://www.nginx.com/resources/wiki/start/topics/tutorials/installoptions
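
An added example, not part of the original report and not Red Hat's or nginx's own code: a Python script that reads `nginx -V` output like the one above, finds the compiled-in paths the current user cannot write, and names the nginx.conf directive that relocates each one. SAMPLE_NGINX_V is a constructed, shortened copy of that output, and the function names are hypothetical.

```python
import os
import re

# Constructed sample: a shortened copy of the `nginx -V` line quoted in the report.
SAMPLE_NGINX_V = (
    "configure arguments: --prefix=/opt/rh/nginx16/root/usr/share/nginx "
    "--error-log-path=/var/log/nginx16/error.log "
    "--http-client-body-temp-path=/opt/rh/nginx16/root/var/lib/nginx/tmp/client_body "
    "--http-proxy-temp-path=/opt/rh/nginx16/root/var/lib/nginx/tmp/proxy "
    "--pid-path=/opt/rh/nginx16/root/var/run/nginx/nginx.pid --user=nginx"
)

# configure flag -> (nginx.conf directive that replaces it, context it belongs in)
OVERRIDES = {
    "error-log-path": ("error_log", "main"),
    "pid-path": ("pid", "main"),
    "lock-path": ("lock_file", "main"),
    "http-log-path": ("access_log", "http"),
    "http-client-body-temp-path": ("client_body_temp_path", "http"),
    "http-proxy-temp-path": ("proxy_temp_path", "http"),
    "http-fastcgi-temp-path": ("fastcgi_temp_path", "http"),
    "http-uwsgi-temp-path": ("uwsgi_temp_path", "http"),
    "http-scgi-temp-path": ("scgi_temp_path", "http"),
}

def compiled_paths(nginx_v_output):
    """Return {flag: path} for each compiled-in path that a directive can replace."""
    flags = dict(re.findall(r"--([a-z-]+-path)=(\S+)", nginx_v_output))
    return {f: p for f, p in flags.items() if f in OVERRIDES}

def can_create(path):
    """True if this user can write path, or create it under its nearest existing parent."""
    if os.path.exists(path):
        return os.access(path, os.W_OK)
    parent = os.path.dirname(path)
    while parent and not os.path.exists(parent):
        parent = os.path.dirname(parent)
    return os.access(parent or ".", os.W_OK | os.X_OK)

def needed_overrides(nginx_v_output, writable=can_create):
    """Return sorted (context, directive, compiled path) for paths this user cannot write."""
    return sorted(
        (OVERRIDES[f][1], OVERRIDES[f][0], p)
        for f, p in compiled_paths(nginx_v_output).items()
        if not writable(p)
    )

if __name__ == "__main__":
    for context, directive, path in needed_overrides(SAMPLE_NGINX_V):
        print(f"{context:5} {directive:22} replaces {path}")
```

Each reported directive needs a path the unprivileged user owns. nginx opens the compiled-in error log before it reads nginx.conf, so the [alert] line can still appear with error_log set.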
The same is also true for rh-nginx18.
As nginx16 is being retired in October (https://access.redhat.com/support/policy/updates/rhscl/), I created a new rh-nginx18 bug for this: Bug 1371767 - Cannot launch rh-nginx18 nginx master process as non-root user
Red Hat does not currently plan to provide any further changes to this collection in a Red Hat Software Collections update release. This software collection is nearing the retirement date (October 2016) after which customers are encouraged either to upgrade to a later release or continue on as self-supported without official Red Hat Support. Please contact Red Hat Support if you have further questions, or refer to the support lifecycle page for more information. https://access.redhat.com/support/policy/updates/rhscl/
In accordance with the Red Hat Software Collections Product Life Cycle, the support period for this collection has ended. New bug fix, enhancement, and security errata updates, as well as technical support services will no longer be made available for this collection. Customers are encouraged to upgrade to a later release. Please contact Red Hat Support if you have further questions, or refer to the support lifecycle page for more information. https://access.redhat.com/support/policy/updates/rhscl/