Errors suggesting nginx isn't started as root

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Errors suggesting nginx isn't started as root

nginx mailing list
Why am I getting these log warn/emerg? Running Nginx 1.14.0 on Ubuntu 18.04.

root@k2:~# whoami
root

root@k2:~# service nginx restart

root@k2:~# tail /var/log/nginx/error.log
2018/09/19 11:38:47 [warn] 22399#22399: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:21
2018/09/19 11:38:47 [emerg] 22399#22399: SSL_CTX_use_PrivateKey_file("/etc/ssl/private/nginx-selfsigned.key") failed (SSL: error:0200100D:system library:fopen:Permission denied:fopen('/etc/ssl/private/nginx-selfsigned.key','r') error:20074002:BIO routines:file_ctrl:system lib error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib)

root@k2:~# ls -lh /etc/ssl/private/ |grep nginx
-rw-r----- 1 root ssl-cert 1.7K Jul  8 17:12 nginx-selfsigned.key

root@k2:~# cat /etc/nginx/nginx.conf |grep ^user
user www-data;

root@k2:~# ps -auxw |grep nginx
root     22317  0.0  0.2 359680  9300 ?        Ss   11:38   0:00 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
www-data 22322  0.0  0.3 361980 15356 ?        S    11:38   0:00 nginx: worker process
www-data 22323  0.2  0.4 362244 18984 ?        S    11:38   0:00 nginx: worker process
www-data 22326  0.0  0.3 361980 14760 ?        S    11:38   0:00 nginx: cache manager process
www-data 22327  0.0  0.3 361980 14760 ?        S    11:38   0:00 nginx: cache loader process


--
Palvelin.fi Hostmaster
[hidden email]

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: Errors suggesting nginx isn't started as root

Palvelin Postmaster
This is still a big mystery to me. Upgrading to nginx 1.16.1 didn’t help.

As far as I can understand, the nginx master process IS running with root privileges.


> On 19 Sep 2018, at 2.00, Palvelin Postmaster via nginx <[hidden email]> wrote:
>
> Why am I getting these log warn/emerg? Running Nginx 1.14.0 on Ubuntu 18.04.
>
> root@k2:~# whoami
> root
>
> root@k2:~# service nginx restart
>
> root@k2:~# tail /var/log/nginx/error.log
> 2018/09/19 11:38:47 [warn] 22399#22399: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:21
> 2018/09/19 11:38:47 [emerg] 22399#22399: SSL_CTX_use_PrivateKey_file("/etc/ssl/private/nginx-selfsigned.key") failed (SSL: error:0200100D:system library:fopen:Permission denied:fopen('/etc/ssl/private/nginx-selfsigned.key','r') error:20074002:BIO routines:file_ctrl:system lib error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib)
>
> root@k2:~# ls -lh /etc/ssl/private/ |grep nginx
> -rw-r----- 1 root ssl-cert 1.7K Jul  8 17:12 nginx-selfsigned.key
>
> root@k2:~# cat /etc/nginx/nginx.conf |grep ^user
> user www-data;
>
> root@k2:~# ps -auxw |grep nginx
> root     22317  0.0  0.2 359680  9300 ?        Ss   11:38   0:00 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
> www-data 22322  0.0  0.3 361980 15356 ?        S    11:38   0:00 nginx: worker process
> www-data 22323  0.2  0.4 362244 18984 ?        S    11:38   0:00 nginx: worker process
> www-data 22326  0.0  0.3 361980 14760 ?        S    11:38   0:00 nginx: cache manager process
> www-data 22327  0.0  0.3 361980 14760 ?        S    11:38   0:00 nginx: cache loader process

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: Errors suggesting nginx isn't started as root

Maxim Dounin
Hello!

On Wed, Sep 04, 2019 at 03:59:41PM -0700, Palvelin Postmaster wrote:

> This is still a big mystery to me. Upgrading to nginx 1.16.1 didn’t help.
>
> As far as I can understand, the nginx master process IS running with root privileges.

The error is from process 22399, and no information available to
find out the user started it.  The errors suggest it wasn't root.

> > 2018/09/19 11:38:47 [warn] 22399#22399: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:21
> > 2018/09/19 11:38:47 [emerg] 22399#22399: SSL_CTX_use_PrivateKey_file("/etc/ssl/private/nginx-selfsigned.key") failed (SSL: error:0200100D:system library:fopen:Permission denied:fopen('/etc/ssl/private/nginx-selfsigned.key','r') error:20074002:BIO routines:file_ctrl:system lib error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib)

[...]

> > root@k2:~# ps -auxw |grep nginx
> > root     22317  0.0  0.2 359680  9300 ?        Ss   11:38   0:00 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
> > www-data 22322  0.0  0.3 361980 15356 ?        S    11:38   0:00 nginx: worker process
> > www-data 22323  0.2  0.4 362244 18984 ?        S    11:38   0:00 nginx: worker process
> > www-data 22326  0.0  0.3 361980 14760 ?        S    11:38   0:00 nginx: cache manager process
> > www-data 22327  0.0  0.3 361980 14760 ?        S    11:38   0:00 nginx: cache loader process

--
Maxim Dounin
http://mdounin.ru/
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|

Re: Errors suggesting nginx isn't started as root

Palvelin Postmaster
Great catch, I hadn’t noticed that. Thanks Maxim!

Now I need to figure out what that process is. The log suggests it gets started when I launch the service but doesn’t keep running.

root@k2:/var/www# service nginx restart

root@k2:/var/www# tail /var/log/nginx/error.log
2019/09/05 22:40:34 [warn] 10871#10871: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:21
2019/09/05 22:40:34 [emerg] 10871#10871: cannot load certificate key "/etc/ssl/private/nginx-selfsigned.key": BIO_new_file() failed (SSL: error:0200100D:system library:fopen:Permission denied:fopen('/etc/ssl/private/nginx-selfsigned.key','r') error:2006D002:BIO routines:BIO_new_file:system lib)

root@k2:/var/www# ps -auxw |grep nginx
root     10789  0.0  0.0 387164  4352 ?        Ss   22:40   0:00 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
www-data 10793  0.0  0.1 389708 12808 ?        S    22:40   0:00 nginx: worker process
www-data 10794  0.0  0.1 389464  9320 ?        S    22:40   0:00 nginx: worker process
www-data 10795  0.0  0.1 389464  9508 ?        S    22:40   0:00 nginx: cache manager process
www-data 10799  0.0  0.1 389464  9508 ?        S    22:40   0:00 nginx: cache loader process
root     10885  0.0  0.0  14660  1084 pts/0    R+   22:40   0:00 grep --color=auto nginx



> On 5 Sep 2019, at 11.52, Maxim Dounin <[hidden email]> wrote:
>
> Hello!
>
> On Wed, Sep 04, 2019 at 03:59:41PM -0700, Palvelin Postmaster wrote:
>
>> This is still a big mystery to me. Upgrading to nginx 1.16.1 didn’t help.
>>
>> As far as I can understand, the nginx master process IS running with root privileges.
>
> The error is from process 22399, and no information available to
> find out the user started it.  The errors suggest it wasn't root.
>
>>> 2018/09/19 11:38:47 [warn] 22399#22399: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:21
>>> 2018/09/19 11:38:47 [emerg] 22399#22399: SSL_CTX_use_PrivateKey_file("/etc/ssl/private/nginx-selfsigned.key") failed (SSL: error:0200100D:system library:fopen:Permission denied:fopen('/etc/ssl/private/nginx-selfsigned.key','r') error:20074002:BIO routines:file_ctrl:system lib error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib)
>
> [...]
>
>>> root@k2:~# ps -auxw |grep nginx
>>> root     22317  0.0  0.2 359680  9300 ?        Ss   11:38   0:00 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
>>> www-data 22322  0.0  0.3 361980 15356 ?        S    11:38   0:00 nginx: worker process
>>> www-data 22323  0.2  0.4 362244 18984 ?        S    11:38   0:00 nginx: worker process
>>> www-data 22326  0.0  0.3 361980 14760 ?        S    11:38   0:00 nginx: cache manager process
>>> www-data 22327  0.0  0.3 361980 14760 ?        S    11:38   0:00 nginx: cache loader process

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx