From somenxavier at posteo.net Sat Aug 24 16:22:14 2024 From: somenxavier at posteo.net (Xavier B.) Date: Sat, 24 Aug 2024 14:22:14 +0000 Subject: [artix-general] Running nginx as unpriviledged user Message-ID: <20240824162214.a99e8a861a62abd8adff4c34@posteo.net> Hi, I want to run nginx as unpriviledged user. I follow the guide of archlinux [https://wiki.archlinux.org/title/Nginx#Running_unprivileged_using_systemd] but I don't know the equivalent in OpenRC world. Anyone could help me? Thanks in advance, Xavier From nous at artixlinux.org Sat Aug 24 21:00:30 2024 From: nous at artixlinux.org (Christos Nouskas) Date: Sat, 24 Aug 2024 22:00:30 +0300 Subject: [artix-general] Running nginx as unpriviledged user In-Reply-To: <20240824162214.a99e8a861a62abd8adff4c34@posteo.net> References: <20240824162214.a99e8a861a62abd8adff4c34@posteo.net> Message-ID: <606B3D7C-ABF1-4ED7-86EC-4CC66077C6DA@artixlinux.org> https://gitea.artixlinux.org/packages/nginx-openrc/src/branch/master/nginx.confd Just set it in /etc/conf.d/nginx On August 24, 2024 5:22:14 PM GMT+03:00, "Xavier B." wrote: >Hi, > >I want to run nginx as unpriviledged user. I follow the guide of archlinux [https://wiki.archlinux.org/title/Nginx#Running_unprivileged_using_systemd] but I don't know the equivalent in OpenRC world. > >Anyone could help me? > >Thanks in advance, >Xavier >-- >artix-general mailing list >artix-general at artixlinux.org >https://lists.artixlinux.org/listinfo/artix-general -------------- next part -------------- An HTML attachment was scrubbed... URL: From somenxavier at posteo.net Sun Aug 25 16:38:56 2024 From: somenxavier at posteo.net (Xavier B.) Date: Sun, 25 Aug 2024 14:38:56 +0000 Subject: [artix-general] Running nginx as unpriviledged user In-Reply-To: <606B3D7C-ABF1-4ED7-86EC-4CC66077C6DA@artixlinux.org> References: <20240824162214.a99e8a861a62abd8adff4c34@posteo.net> <606B3D7C-ABF1-4ED7-86EC-4CC66077C6DA@artixlinux.org> Message-ID: <20240825163856.b3fe2263d67507b368d31f13@posteo.net> Thanks, Christos, for your reply. I have this conf.d already in my system. But what I could ensure that even nginx master process is running as nginx (or http) user and not as root. The reference I above mentioned has a "tutorial" of how to achieve that in systemd but are thing I have no idea what are the equivalents in openrc: - NoNewPrivileges=yes in systemd - CapabilityBoundingSet=CAP_NET_BIND_SERVICE, AmbientCapabilities=CAP_NET_BIND_SERVICE in systemd - StateDirectory=nginx in systemd ... Can you guide me to translate the section 5.1 of this tutorial [https://wiki.archlinux.org/title/Nginx#Running_unprivileged_using_systemd] to openrc? This is what I really asked for. Thanks in advance, Xavier On Sat, 24 Aug 2024 22:00:30 +0300 Christos Nouskas ha escrit: > https://gitea.artixlinux.org/packages/nginx-openrc/src/branch/master/nginx.confd > > Just set it in /etc/conf.d/nginx > > > On August 24, 2024 5:22:14 PM GMT+03:00, "Xavier B." wrote: > >Hi, > > > >I want to run nginx as unpriviledged user. I follow the guide of archlinux [https://wiki.archlinux.org/title/Nginx#Running_unprivileged_using_systemd] but I don't know the equivalent in OpenRC world. > > > >Anyone could help me? > > > >Thanks in advance, > >Xavier > >-- > >artix-general mailing list > >artix-general at artixlinux.org > >https://lists.artixlinux.org/listinfo/artix-general