Unable to change owner and group of Nginx error_log and access_log

Question

I want to change the owner and group of nginx's error_log and access_log straight away from nginx (not manually using chgrp and chown). While keeping nginx running as root so that it can listen on port 80, 443, and so on.....

Server is running Ubuntu 20.04, nginx/1.18.0 (Ubuntu)

It seems like no matter what the location are :

/var/www/error_log
/var/www/access_log
/var/www/sub.domain.com/error_log
/var/www/sub.domain.com/access_log
/var/www/sub2.domain.com/error_log
/var/www/sub2.domain.com/access_log
...

They are all is owned by root:root ignoring settings that is described in the user directive.

Output of ls -l :

-rw-r--r-- 1 root root  0 Sep 14 09:07 access_log
-rw-r--r-- 1 root root  0 Sep 14 08:43 error_log

Few (Truncated) contents of /etc/group :

root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:syslog
tty:x:5:syslog
disk:x:6:
lp:x:7:
www-data:x:33:
backup:x:34:
operator:x:37:
...
webservergroup:x:1001:tirtagt,www-data,anotheruserhere
...

Even though I had specify the user directive on /etc/nginx/nginx.conf :

user www-data webservergroup;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

Example Server block :

server {
        listen 80;

        root /var/www/sub.example.com;

        # Set the domain name or server name here
        server_name sub.example.com;

        # error_log
        error_log /var/www/sub.example.com/error_log notice;
        access_log /var/www/sub.example.com/access_log;
    
        # Declare a priority if there is no path or files specified.
        index index.html index.htm index.php;

        # Catch All Location
        location / {
                # Pass it to the FastCGI PHP bridge
                include fastcgi_params;
                fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;

                # Run the DynamicPHPRouter for anything and let it do it's job.
                fastcgi_param SCRIPT_FILENAME $document_root/srouter.php;
        }
}

Expected behaviour would be that the error_log and access_log is created as www-data as the owner, and webservergroup as the group, something like this when we run ls -l :

-rw-rw-r-- 1 www-data webservergroup  0 Sep 14 09:07 access_log
-rw-rw-r-- 1 www-data webservergroup  0 Sep 14 08:43 error_log

score 0 · Answer 1 · answered Oct 01 '21 at 04:55

I didn't find any other way, for now....

I just let Nginx create the file which will be owned by root, and then manually do chgrp and chown to my target user after the file was created.

For me, I use webservergroup as the the file group, which nginx is also running on, so the log file is read and write-able.

Unable to change owner and group of Nginx error_log and access_log

1 Answers1