Entries filed under Security

Changing nginx’s worker process user on OS X

nginx defaults to running its master process as root and all workers as nobody.

You can tell nginx to run worker processes under different credentials by setting the user directive in nginx.conf.

On OS X, you need to specify a valid group as well, since nginx will default to looking for a group that doesn’t exist. You will see “nginx – getgrnam()” in the error log when this happens. The easiest solution I found is to assign the OS X staff group:

user userid staff

It probably bears mentioning that changing the runtime credentials won’t negate the need for sudo if you run your web server on port 80, since OS X (and all Unixes) will not allow nginx to use that port unless it runs as root.