Bug 1371626 - Cannot run nginx16 as non-root user
Summary: Cannot run nginx16 as non-root user
Keywords:
Status: CLOSED EOL
Alias: None
Product: Red Hat Software Collections
Classification: Red Hat
Component: nginx16
Version: nginx16
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: ---
Assignee: Jan Kaluža
QA Contact: BaseOS QE - Apps
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-08-30 16:16 UTC by David Mulford
Modified: 2019-12-16 06:33 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
: 1371767 (view as bug list)
Environment:
Last Closed: 2017-03-31 15:02:02 UTC
Target Upstream Version:

Attachments (Terms of Use)
sample nginx.conf (2.02 KB, text/plain)
2016-08-30 16:16 UTC, David Mulford 		no flags Details
View All Add an attachment (proposed patch, testcase, etc.)

Description David Mulford 2016-08-30 16:16:39 UTC 
Created attachment 1196011 [details]
sample nginx.conf

Description of problem:
Due to configure arguments, a user cannot completely run nginx as a non-root user.

Version-Release number of selected component (if applicable):
nginx 1.6.2

How reproducible:
Always

Steps to Reproduce:
1. Enable Red Hat Software Collections repository
2. Install with "yum install -y nginx16"
3. Use the attached nginx.conf file and run "/opt/rh/nginx16/root/sbin/nginx -c /tmp/nginx.conf" as a non-privileged user.

Actual results:
$ /opt/rh/nginx16/root/sbin/nginx -c /tmp/nginx.conf
nginx: [alert] could not open error log file: open() "/var/log/nginx16/error.log" failed (13: Permission denied)
2016/08/30 12:10:37 [emerg] 13899#0: mkdir() "/opt/rh/nginx16/root/var/lib/nginx/tmp/client_body" failed (13: Permission denied)

Expected results:
nginx should startup, spawn worker processes and begin handling requests.

Additional info:
The error_log option doesn't seem to be overriding the --error-log-path option as it should according to the nginx documentation [1]. Same goes for the --http-proxy-temp-path option.

Here is the nginx -V output:

nginx version: nginx/1.6.2
TLS SNI support enabled
configure arguments: --prefix=/opt/rh/nginx16/root/usr/share/nginx --sbin-path=/opt/rh/nginx16/root/usr/sbin/nginx --conf-path=/opt/rh/nginx16/root/etc/nginx/nginx.conf --error-log-path=/var/log/nginx16/error.log --http-log-path=/var/log/nginx16/access.log --http-client-body-temp-path=/opt/rh/nginx16/root/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/opt/rh/nginx16/root/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/opt/rh/nginx16/root/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/opt/rh/nginx16/root/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/opt/rh/nginx16/root/var/lib/nginx/tmp/scgi --pid-path=/opt/rh/nginx16/root/var/run/nginx/nginx.pid --lock-path=/opt/rh/nginx16/root/var/lock/subsys/nginx --user=nginx --group=nginx --with-file-aio --with-ipv6 --with-http_ssl_module --with-http_spdy_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module --with-http_image_filter_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_stub_status_module --with-mail --with-mail_ssl_module --with-pcre --add-module=./passenger-4.0.50/ext/nginx --with-debug --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic' --with-ld-opt='-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E'

[1] https://www.nginx.com/resources/wiki/start/topics/tutorials/installoptions
Comment 1 David Mulford 2016-08-30 16:17:33 UTC 
The same is also true for rh-nginx18.
Comment 2 Ryan Sawhill 2016-08-31 03:48:06 UTC 
As nginx16 is being retired in October (https://access.redhat.com/support/policy/updates/rhscl/), I created a new rh-nginx18 bug for this:

Bug 1371767 - Cannot launch rh-nginx18 nginx master process as non-root user
Comment 3 Joe Orton 2016-10-12 12:52:33 UTC 
Red Hat does not currently plan to provide any further changes to this collection in a Red Hat Software Collections update release.

This software collection is nearing the retirement date (October 2016) after which customers are encouraged either to upgrade to a later release or continue on as self-supported without official Red Hat Support.

Please contact Red Hat Support if you have further questions, or refer to the support lifecycle page for more information. https://access.redhat.com/support/policy/updates/rhscl/
Comment 4 Joe Orton 2017-03-31 15:02:02 UTC 
In accordance with the Red Hat Software Collections Product Life Cycle, the support period for this collection has ended.

New bug fix, enhancement, and security errata updates, as well as technical support services will no longer be made available for this collection.

Customers are encouraged to upgrade to a later release.

Please contact Red Hat Support if you have further questions, or refer to the support lifecycle page for more information. https://access.redhat.com/support/policy/updates/rhscl/
Note You need to log in before you can comment on or make changes to this bug.