by brigandish 1087 days ago
The article didn't mention permissions; would this still work if the nginx user is denied permissions on things like `/var/log`? I suspect it wouldn't, but isn't the most common cause of security flaws going to be unchecked assumptions?

As an aside, I didn't know GitHub code search accepted regex.


No, it wouldn't work if the user nginx is running as didn't have read access to the directory or files.

Ah, then I just realized, it probably does have access to all nginx log directories, because nginx needs write permissions to them anyway, right? Now I really want to go double check all my permission setups...

It depends on how nginx is designed. In theory you could separate log writing into a different process, and drop those permissions from the worker process.

Or just write to stdout and have systemd handle the logging for you, that'd work too.