diff options
| author |   robert <robert@openbsd.org> | 2011-10-11 22:53:00 +0000 |
|---|---|---|
| committer | robert <robert@openbsd.org> | 2011-10-11 22:53:00 +0000 |
| commit | c730dea46d0ea6934895cf88c5445d63f180838c (patch) | |
| tree | 1b1204dcea98747b9ea3fe1fff7fb561bc87da41 /usr.sbin/nginx/src/os/unix | |
| parent | Update Digest module to 1.17 (security fix). (diff) | |
| download | wireguard-openbsd-c730dea46d0ea6934895cf88c5445d63f180838c.tar.xz wireguard-openbsd-c730dea46d0ea6934895cf88c5445d63f180838c.zip | |
Add a flag for nginx (-u) to be able to disable chroot and use a better
method for modifying the document root if chrooted, so currently this
allows the user to run the same configuration file with a chrooted and
an non-chrooted setup.
Diffstat (limited to 'usr.sbin/nginx/src/os/unix')
| -rw-r--r-- | usr.sbin/nginx/src/os/unix/ngx_process_cycle.c | 8 | ||||
| -rw-r--r-- | usr.sbin/nginx/src/os/unix/ngx_process_cycle.h | 1 |
2 files changed, 8 insertions, 1 deletions
diff --git a/usr.sbin/nginx/src/os/unix/ngx_process_cycle.c b/usr.sbin/nginx/src/os/unix/ngx_process_cycle.c index 8079be69646..1c385419c9e 100644 --- a/usr.sbin/nginx/src/os/unix/ngx_process_cycle.c +++ b/usr.sbin/nginx/src/os/unix/ngx_process_cycle.c @@ -48,6 +48,7 @@ sig_atomic_t ngx_reopen; sig_atomic_t ngx_change_binary; ngx_pid_t ngx_new_binary; ngx_uint_t ngx_inherited; +ngx_uint_t ngx_chrooted = 1; ngx_uint_t ngx_daemonized; sig_atomic_t ngx_noaccept; @@ -888,6 +889,10 @@ ngx_worker_process_init(ngx_cycle_t *cycle, ngx_uint_t priority) #endif if (geteuid() == 0) { + if (!ngx_chrooted) { + goto nochroot; + } + if ((pw = getpwnam(ccf->username)) == NULL) { ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno, "getpwnam(%s) failed", ccf->username); @@ -922,7 +927,8 @@ ngx_worker_process_init(ngx_cycle_t *cycle, ngx_uint_t priority) /* fatal */ exit(2); } - + +nochroot: if (setgid(ccf->group) == -1) { ngx_log_error(NGX_LOG_EMERG, cycle->log, ngx_errno, "setgid(%d) failed", ccf->group); diff --git a/usr.sbin/nginx/src/os/unix/ngx_process_cycle.h b/usr.sbin/nginx/src/os/unix/ngx_process_cycle.h index e6cef6b3f96..3bd292dfa0b 100644 --- a/usr.sbin/nginx/src/os/unix/ngx_process_cycle.h +++ b/usr.sbin/nginx/src/os/unix/ngx_process_cycle.h @@ -41,6 +41,7 @@ extern ngx_uint_t ngx_process; extern ngx_pid_t ngx_pid; extern ngx_pid_t ngx_new_binary; extern ngx_uint_t ngx_inherited; +extern ngx_uint_t ngx_chrooted; extern ngx_uint_t ngx_daemonized; extern ngx_uint_t ngx_threaded; extern ngx_uint_t ngx_exiting; |