Nginx默认只能使用root用户启动,这给开发和运维都带来了不便,下面介绍两个以普通用户管理Nginx的方式。
方法1
[root@benniao sbin]# ll
-rwxr-xr-x. 1 root root 3893056 Feb 2 19:39 nginx
[root@benniao sbin]# chmod u+s nginx # 添加s权限,允许普通用户以root的身份执行命令
[root@benniao sbin]# ll
-rwsr-xr-x. 1 root root 3893056 Feb 2 19:39 nginx
[root@benniao sbin]# su - appuser
[appuser@benniao ~]$ /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[appuser@benniao ~]$ /usr/local/nginx/sbin/nginx
[appuser@benniao ~]$ ps -ef | grep nginx
root 19653 1 0 20:15 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx
nobody 19654 19653 0 20:15 ? 00:00:00 nginx: worker process
方法2
# 整个Nginx目录管理权限给到普通用户
[root@benniao sbin]# chown -R appuser.appuser /usr/local/nginx
[root@benniao sbin]# ll
-rwxr-xr-x. 1 appuser appuser 3893056 Feb 2 19:39 nginx
允许普通用户使用1024以下端口
Linux下默认只有root才能启动1024以下端口,所以普通用户启动nginx会失败。
[root@benniao sbin]# setcap cap_net_bind_service=+eip nginx
[root@benniao sbin]# ll
-rwxr-xr-x. 1 appuser appuser 3893056 Feb 2 19:39 nginx
[root@benniao sbin]# getcap nginx
nginx = cap_net_bind_service+eip
扩展
setcap cap_net_bind_service=+eip nginx # 设置权限
setcap -r nginx # 清除权限
getcap nginx # 查看权限
# 普通用户已经具有对应nginx 管理权限
[appuser@benniao ~]$ /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[appuser@benniao ~]$ /usr/local/nginx/sbin/nginx
[appuser@benniao ~]$ ps -ef | grep nginx
appuser 19426 1 0 20:11 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx
appuser 19427 19426 0 20:11 ? 00:00:00 nginx: worker process