this post was submitted on 29 Jan 2024
413 points (93.7% liked)

Technology

60480 readers
4055 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 4 points 11 months ago* (last edited 11 months ago) (1 children)

Okay so that's different.

nginx only runs the master process as root, but the actual worker processes already run under a low-privileged account called http. If you want to run the master process as well as non-root, you can follow the instructions here: https://wiki.archlinux.org/title/nginx#Running_unprivileged_using_systemd

To restrict access to files, you'd be editing the nginx config file, you can read on how to do that in the nginx documentation, or check ServerFault etc.

But the modern Linux world revolves around containers. There's an official Docker image for nginx that you could use if you'd like, and that'd make it a much more secure - and portable option.

Also, I'd recommend checking the Arch Wiki first for anything Linux related - the wealth of knowledge and documentation there is unmatched, and is useful even if you're not running Arch.

[โ€“] [email protected] 2 points 11 months ago

Thanks for your help m8, I appreciate it.

I'll have to do some more reading once I've got some time.