On Mon, Nov 19, 2012 at 04:42:57PM -0300, Martín Ferco wrote:

> I can see that some files have been updated by the OpenBSD team, reading
> README.OpenBSD in the source directory. One of those changes seems to have
> been the inclusion of the "-u" flag to chroot nginx (I'm not entirely sure
> about this, but I can't find that switch in a 1.2.5 release for CentOS).

No, the "-u" flag DISABLES the default chroot.  From the manpage:

-u   By default nginx will chroot(2) to the home directory of the
     user running the daemon, typically ``www'', or to the home
     directory of user in nginx.conf.  The -u option disables
     this behaviour, and returns nginx to the original "unsecure"
     behaviour.

This is the same approach as in OpenBSD's Apache.  Don't use the "-u"
flag unless you know what you're doing and have an excellent reason.

Nicolai
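
A check for the point made above, added here as an example and not part of the original message or of OpenBSD's nginx: a POSIX sh function that reports whether an nginx argument string contains `-u`. It assumes nginx's own option parsing (several single-letter options may share one `-` word, and `-c`, `-p`, `-g` and `-s` take a value); the function name `uses_dash_u` is hypothetical.

```shell
#!/bin/sh
# Added example: detect the chroot-disabling -u option in an nginx
# argument string. Assumption: options are parsed the way nginx parses
# them: letters may be combined in one word ("-qu"), and -c, -p, -g, -s
# take a value that is either the rest of the word or the next word.
# Limitation: quoting inside the string is not interpreted, so a quoted
# -g value that itself contains " -u" would be misread.

# uses_dash_u "<flags>": exit status 0 if -u is present, 1 otherwise.
# The body runs in a subshell so set -f does not leak to the caller.
uses_dash_u() (
    set -f              # no pathname expansion while splitting the flags
    set -- $1           # split the flag string into words
    skip=0
    for word in "$@"; do
        if [ "$skip" -eq 1 ]; then
            skip=0      # this word is the value of the previous option
            continue
        fi
        case $word in
            -?*) rest=${word#-} ;;
            *)   continue ;;
        esac
        while [ -n "$rest" ]; do
            opt=${rest%"${rest#?}"}     # first character of $rest
            rest=${rest#?}
            case $opt in
                u)  exit 0 ;;
                c|p|g|s)
                    # value-taking option: consume rest of word or next word
                    if [ -z "$rest" ]; then skip=1; fi
                    rest=
                    ;;
            esac
        done
    done
    exit 1
)
```

Give it the flags the daemon is started with, or the arguments of the running master process, and treat a zero exit status as a finding to investigate.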
