On Tue, Nov 20, 2012 at 8:36 PM, Nicolai <nicolai-om...@chocolatine.org> wrote: > On Mon, Nov 19, 2012 at 04:42:57PM -0300, Martín Ferco wrote: > >> I can see that some files have been updated by the OpenBSD team, reading >> README.OpenBSD in the source directory. One of those changes seems to have >> been the inclusion of the "-u" flag to chroot nginx (I'm not entirely sure >> about this, but I can't find that switch in a 1.2.5 release for CentOS). > > No, the "-u" flag DISABLES the default chroot. From the manpage: > > -u By default nginx will chroot(2) to the home directory of the > user running the daemon, typically ``www'', or to the home > directory of user in nginx.conf. The -u option disables > this behaviour, and returns nginx to the original "unsecure" > behaviour. > > This is the same approach as in OpenBSD's Apache. Don't use the "-u" > flag unless you know what you're doing and have an excellent reason. >
Yes, you're right, it's the other way around -- but, in any case, you can't find that option in nginx by default. > Nicolai
