Opened 13 months ago

Last modified 13 months ago

#68596 assigned defect

After installing Nginx, I can't shut down Redis (also installed by port) because the error "Failed opening the temp RDB file temp-8712.rdb (in server root dir /opt/local/var/log/nginx) for saving: Permission denied"

Reported by: qiulang Owned by: Schamschula (Marius Schamschula)
Priority: Normal Milestone:
Component: ports Version:
Keywords: Cc: dgilman (David Gilman)
Port: nginx redis

Description (last modified by ryandesign (Ryan Carsten Schmidt))

After installing Nginx, I can't shut down Redis (also installed by port) because the error "Failed opening the temp RDB file temp-8712.rdb (in server root dir /opt/local/var/log/nginx) for saving: Permission denied."

After installing Nginx, when started it, I got the error because the directory /opt/local/var/log/nginx is owned by root.

% nginx
nginx: [alert] could not open error log file: open() "/opt/local/var/log/nginx/error.log" failed (13: Permission denied)
2023/10/31 11:28:09 [emerg] 8608#0: mkdir() "/opt/local/var/run/nginx/client_body_temp" failed (13: Permission denied)

So I run nginx with sudo nginx.

But when I just run redis-server (without sudo redis-server) and later want to shut it down, I got the error "Failed opening the temp RDB file temp-8712.rdb (in server root dir /opt/local/var/log/nginx) for saving: Permission denied." Why does Redis need to write log into dir /opt/local/var/log/nginx?

My second question is do I need to run nginx with sudo ngixn? When I run all other tool installed by port I don't need to run them with sudo.

Change History (9)

comment:1 Changed 13 months ago by qiulang

Description: modified (diff)

comment:2 Changed 13 months ago by jmroot (Joshua Root)

Cc: dgilman added
Keywords: nginx redis removed
Owner: set to Schamschula
Port: redis added
Status: newassigned

comment:3 Changed 13 months ago by Schamschula (Marius Schamschula)

You can change the user in nginx.conf. The upstream default is root, as it is on my FreeBSD servers.

Look for #user nobody; near the top of the file. Change it as needed.

comment:4 Changed 13 months ago by ryandesign (Ryan Carsten Schmidt)

Description: modified (diff)

comment:5 Changed 13 months ago by qiulang

Sorry, it is really not a bug. It is just that I forgot redis will write a log to the directory where it is started and I happened to start redis at /opt/local/var/log/nginx/ so now I can't shut it down. I don't know how to close my ticket.

But when I changed #user nobody; (per your suggestion) to my user and started nginx without sudo, I got the error the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /opt/local/etc/nginx/nginx.conf:1

I just want to know if it is possible I can nginx without sudo (as I do not bind it to 80)?

Last edited 13 months ago by qiulang (previous) (diff)

comment:6 Changed 13 months ago by Schamschula (Marius Schamschula)

Generally, apache and nginx are bound to system ports < 1043 (80 and 443). These can only be opened by the root process. If you want to run nginx on port 8080, etc. you can invoke the master process as non-root.

See: https://docs.nginx.com/nginx/admin-guide/basic-functionality/runtime-control/#master-and-worker-processes

comment:7 Changed 13 months ago by qiulang

But the fact is I can't because /opt/local/var/log/nginx/ is owned by root

comment:8 Changed 13 months ago by dgilman (David Gilman)

I've run MacPorts nginx without sudo on a custom port before. You install the package but you don't run it via port load, instead you have to set up an nginx config directory in your home directory. I think I started with copying over the MacPorts distributed nginx.conf, changed the log dirs and root/location to something in my home dir and had it working. This is a bit cleaner than trying to edit the MacPorts nginx config as you can just leave that stuff alone, update nginx whenever you want, and don't have to possibly make any local portfile changes. If you want it to start automatically / on demand you'll have to put together the launchd script for it but you might be able to just copy the MacPorts one and change the paths but I have not done it personally.

I have no idea why redis would be writing to nginx directories. You'll have to share your redis.conf and details on how you launched redis.

comment:9 Changed 13 months ago by qiulang

Thanks for the reply. Now I know that starting nginx without sudo will involve quite some work. Since I am not a nginx expert I will just give up.

About the redis, as I said in the previous comment, "Sorry, it is really not a bug. It is just that I forgot redis will write a log to the directory when it is started and I happened to start redis at /opt/local/var/log/nginx/ so now I can't shut it down."

I don't know how to close my ticket. But I have considered it solved. Thanks for all the comments.

Version 0, edited 13 months ago by qiulang (next)
Note: See TracTickets for help on using tickets.