Can't delete nignx's temporary files without sudo

185 views Asked by At

I've installed nginx the regular way on Arch Linux. Anytime my website (ie nginx) creates temporary files, it's created by the http:http user and they have 755 permission.

I need to clear the cache time to time and I am logged as a regular user. That means anytime I need to delete those files, I need to use sudo which isn't right for number of reasons. What is the right method to be able delete those files without sudo?

1

There are 1 answers

3
AudioBubble On BEST ANSWER

Honestly, this is just the way it ought to be. Semantics around creating and using tempfiles are tricky and the root of many security problems. Don't try to subvert this.

The real question is, why are you deleting these files? Are they never deleted or reused or otherwise managed by the nginx process? If there is a problem there, then solve that problem. Don't go chasing after the permissions that a running process uses to create tempfiles unless you really, really, really have to. (For example, if you are writing those files to some special file system. But even this is a weak reason.)

But, if you occasionally have to delete files created by UIDs not you, you need to do it as that UID or as a privileged user. There are ways to tweak sudo such that you can control how much a sudoer can do (say that seven times really fast.)