projects / arvados.git / blobdiff
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
16306: Make sure that the non-passenger nginx process runs as the
[arvados.git] / lib / boot / nginx.go
diff --git a/lib/boot/nginx.go b/lib/boot/nginx.go
index b11d9fd49d06c56264d6d1c6927974b7ad658c83..07ff1fc1d3e330d89c0f69649ed996f2ca5f7866 100644 (file)
--- a/lib/boot/nginx.go
+++ b/lib/boot/nginx.go
@@ -37,7 +37,7 @@ func (runNginx) Run(ctx context.Context, fail func(error), super *Supervisor) er
                "SSLKEY":     filepath.Join(super.tempdir, "server.key"),
                "ACCESSLOG":  filepath.Join(super.tempdir, "nginx_access.log"),
                "ERRORLOG":   filepath.Join(super.tempdir, "nginx_error.log"),
-               "TMPDIR":     super.tempdir,
+               "TMPDIR":     super.wwwtempdir,
        }
        for _, cmpt := range []struct {
                varname string
@@ -105,7 +105,7 @@ func (runNginx) Run(ctx context.Context, fail func(error), super *Supervisor) er
                defer super.waitShutdown.Done()
                fail(super.RunProgram(ctx, ".", nil, nil, nginx,
                        "-g", "error_log stderr info;",
-                       "-g", "pid "+filepath.Join(super.tempdir, "nginx.pid")+";",
+                       "-g", "user www-data; pid "+filepath.Join(super.wwwtempdir, "nginx.pid")+";",
                        "-c", conffile))
        }()
        // Choose one of the ports where Nginx should listen, and wait