Join Log in
Score:0
Matthew Developer avatar Server

Unable to change owner and group of Nginx error_log and access_log

br flag
Matthew Developer

Unable to change owner and group of Nginx error_log and access_log

I want to change the owner and group of nginx's error_log and access_log straight away from nginx (not manually using chgrp and chown). While keeping nginx running as root so that it can listen on port 80, 443, and so on.....

Server is running Ubuntu 20.04, nginx/1.18.0 (Ubuntu)

It seems like no matter what the location are :

/var/www/error_log
/var/www/access_log
/var/www/sub.domain.com/error_log
/var/www/sub.domain.com/access_log
/var/www/sub2.domain.com/error_log
/var/www/sub2.domain.com/access_log
...

They are all is owned by root:root ignoring settings that is described in the user directive.

Output of ls -l :

-rw-r--r-- 1 root root  0 Sep 14 09:07 access_log
-rw-r--r-- 1 root root  0 Sep 14 08:43 error_log

Few (Truncated) contents of /etc/group :

root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:syslog
tty:x:5:syslog
disk:x:6:
lp:x:7:
www-data:x:33:
backup:x:34:
operator:x:37:
...
webservergroup:x:1001:tirtagt,www-data,anotheruserhere
...

Even though I had specify the user directive on /etc/nginx/nginx.conf :

user www-data webservergroup;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

Example Server block :

server {
        listen 80;

        root /var/www/sub.example.com;

        # Set the domain name or server name here
        server_name sub.example.com;

        # error_log
        error_log /var/www/sub.example.com/error_log notice;
        access_log /var/www/sub.example.com/access_log;
    
        # Declare a priority if there is no path or files specified.
        index index.html index.htm index.php;

        # Catch All Location
        location / {
                # Pass it to the FastCGI PHP bridge
                include fastcgi_params;
                fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;

                # Run the DynamicPHPRouter for anything and let it do it's job.
                fastcgi_param SCRIPT_FILENAME $document_root/srouter.php;
        }
}

Expected behaviour would be that the error_log and access_log is created as www-data as the owner, and webservergroup as the group, something like this when we run ls -l :

-rw-rw-r-- 1 www-data webservergroup  0 Sep 14 09:07 access_log
-rw-rw-r-- 1 www-data webservergroup  0 Sep 14 08:43 error_log
44
0 + 0
Score:0
Matthew Developer avatar Server
br flag
Matthew Developer

I didn't find any other way, for now....

I just let Nginx create the file which will be owned by root, and then manually do chgrp and chown to my target user after the file was created.

For me, I use webservergroup as the the file group, which nginx is also running on, so the log file is read and write-able.

0 + 0
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.