把nginx进程跑在普通用户下
1)源码安装nginx,root运行nginx进程
安装nginx依赖包
[root@localhost 桌面]# yum -y install gcc gcc-c++
[root@localhost 桌面]# yum -y install pcre-devel openssl-devel zlib-devel
[root@localhost 桌面]# mkdir /nginx
[root@localhost 桌面]# mv nginx-1.2.0.tar.gz /nginx/
[root@localhost 桌面]# cd /nginx/
[root@localhost nginx]# ls
nginx-1.2.0.tar.gz
[root@localhost nginx]# tar -zxf nginx-1.2.0.tar.gz
[root@localhost nginx]# ls
nginx-1.2.0 nginx-1.2.0.tar.gz
[root@localhost nginx]# cd nginx-1.2.0
[root@localhost nginx-1.2.0]# ls
auto CHANGES.ru configure html man src
CHANGES conf contrib LICENSE README
[root@localhost nginx-1.2.0]# useradd -s /sbin/nologin -M nginx
[root@localhost nginx-1.2.0]# ./configure --user=nginx --group=nginx --prefix=/usr/local/nginx --with-http_ssl_module
[root@localhost nginx-1.2.0]# make && make install
[root@localhost nginx-1.2.0]# cd /root/桌面
[root@localhost 桌面]# /usr/local/nginx/sbin/nginx -t
nginx: the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
nginx: configuration file /usr/local/nginx/conf/nginx.conf test is successful
[root@localhost 桌面]# /usr/local/nginx/sbin/nginx
[root@localhost 桌面]# /usr/local/nginx/sbin/nginx -s stop
[root@localhost 桌面]# /usr/local/nginx/sbin/nginx –s reload
[root@localhost 桌面]# lsof -i :80
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
nginx 5538 root 6u IPv4 25974 0t0 TCP *:http (LISTEN)
nginx 5539 nginx 6u IPv4 25974 0t0 TCP *:http (LISTEN)
[root@localhost 桌面]# ps -el |grep nginx
1 S 0 6489 1 0 80 0 - 11312 rt_sig ? 00:00:00 nginx
5 S 500 6970 6489 0 80 0 - 11396 ep_pol ? 00:00:00 nginx
[root@localhost 桌面]# vim /usr/local/nginx/conf/nginx.conf
worker_processes 2;
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 80;
server_name bbs.etiantian.org;
location / {
root bbs;
index index.html index.htm;
}
}
}
wq
[root@localhost 桌面]# mkdir /usr/local/nginx/bbs
[root@localhost 桌面]# echo "bbs" > /usr/local/nginx/bbs/index.html
[root@localhost 桌面]# /usr/local/nginx/sbin/nginx -s reload
[root@localhost 桌面]# echo "127.0.0.1 bbs.etiantian.org" >> /etc/hosts
[root@localhost 桌面]# curl bbs.etiantian.org
bbs
[root@localhost 桌面]# ps -elf |grep nginx
5 S nginx 5549 2843 0 80 0 - 58499 inet_c Jun12 ? 00:00:02 php-fpm: pool www
1 S root 6489 1 0 80 0 - 11312 rt_sig Jun12 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx
5 S nginx 6543 2843 0 80 0 - 57703 inet_c Jun12 ? 00:00:00 php-fpm: pool www
5 S nginx 8111 6489 0 80 0 - 11405 ep_pol 00:55 ? 00:00:00 nginx: worker process
0 S root 9016 8068 0 80 0 - 25814 pipe_w 02:11 pts/0 00:00:00 grep nginx
2)把nginx进程跑在普通用户下:
[root@localhost 桌面]# useradd zuma
[root@localhost 桌面]# su - zuma
[zuma@localhost ~]$ cp -a /usr/local/nginx/conf/ .
[zuma@localhost ~]$ cp -a /usr/local/nginx/logs/ .
[zuma@localhost ~]$ cp -a /usr/local/nginx/bbs/ .
[zuma@localhost ~]$ ls
bbs conf logs //3个目录
[zuma@localhost ~]$ vim conf/nginx.conf
user nginx; //nginx用户就可以
error_log /home/zuma/logs/error.log notice;
pid /home/zuma/logs/nginx_zuma.pid; //添加上面两行,根据需求
worker_processes 2;
http {
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
server {
listen 8000;
server_name bb.etiantian.org;
location / {
root /home/zuma/bbs;
index index.html index.htm;
}
}
}
wq
[zuma@localhost ~]$ echo "bb" > bbs/index.html
[zuma@localhost ~]$ /usr/local/nginx/sbin/nginx -c /home/zuma/conf/nginx.conf
报错:
nginx: [alert] could not open error log file: open() "/usr/local/nginx/logs/error.log" failed (13: Permission denied)
2016/06/13 01:42:48 [warn] 8574#0: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /home/zuma/conf/nginx.conf:1
2016/06/13 01:42:48 [emerg] 8574#0: open() "/usr/local/nginx/logs/access.log" failed (13: Permission denied) //warn不是报错。
[zuma@localhost ~]$ logout
[root@localhost 桌面]# chown -R zuma.zuma /usr/local/nginx/logs/
[root@localhost 桌面]# echo "127.0.0.1 bb.etiantian.org" >> /etc/hosts
[root@localhost 桌面]# su - zuma
[zuma@localhost ~]$ \cp -a /usr/local/nginx/logs/ .
[zuma@localhost ~]$ /usr/local/nginx/sbin/nginx -c /home/zuma/conf/nginx.conf
nginx: [warn] the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /home/zuma/conf/nginx.conf:1 //warn不是报错。
[zuma@localhost ~]$ ps -elf |grep nginx
5 S nginx 5549 2843 0 80 0 - 58499 inet_c Jun12 ? 00:00:02 php-fpm: pool www
1 S root 6489 1 0 80 0 - 11312 rt_sig Jun12 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx
5 S nginx 6543 2843 0 80 0 - 57703 inet_c Jun12 ? 00:00:00 php-fpm: pool www
5 S nginx 8111 6489 0 80 0 - 11405 ep_pol 00:55 ? 00:00:00 nginx: worker process
1 S zuma 8952 1 0 80 0 - 10742 rt_sig 02:04 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx -c /home/zuma/conf/nginx.conf
1 S zuma 8953 8952 0 80 0 - 10841 ep_pol 02:04 ? 00:00:00 nginx: worker process
0 S zuma 8960 8920 0 80 0 - 25814 pipe_w 02:04 pts/2 00:00:00 grep nginx
[zuma@localhost ~]$ curl bb.etiantian.org
bbs
[zuma@localhost ~]$ curl bb.etiantian.org:8000
bb
[zuma@localhost ~]$ pkill nginx //杀nginx进程时候,只能杀自己的进程,杀不掉root的进程。
pkill: 6489 - Operation not permitted
pkill: 8111 - Operation not permitted
[zuma@localhost ~]$ ps -elf |grep nginx
5 S nginx 5549 2843 0 80 0 - 58499 inet_c Jun12 ? 00:00:02 php-fpm: pool www
1 S root 6489 1 0 80 0 - 11312 rt_sig Jun12 ? 00:00:00 nginx: master process /usr/local/nginx/sbin/nginx
5 S nginx 6543 2843 0 80 0 - 57703 inet_c Jun12 ? 00:00:00 php-fpm: pool www
5 S nginx 8111 6489 0 80 0 - 11405 ep_pol 00:55 ? 00:00:00 nginx: worker process
0 S zuma 8997 8920 0 80 0 - 25814 pipe_w 02:09 pts/2 00:00:00 grep nginx