# nginx logfile group



## rihad (Sep 4, 2019)

Is there a way to set up nginx to have a certain group of the current access&error log files?
"user www www" in nginx.conf doesn't do the trick. The actual log files are owned as www:wheel, probably because this is the group of the running master nginx process. Setting nginx_group to a different group in /etc/rc.conf doesn't seem to be applicable either:

     ⟨name⟩_group
                 (str) Run the chrooted service under this system group.
                 Unlike the _user setting, this setting has no effect if the
                 service is not chrooted.


----------



## SirDice (Sep 4, 2019)

New files are created using the group from the directory, not from the user's primary group as Linux does.


----------



## rihad (Sep 4, 2019)

Thanks! Indeed. Some googling revealed:

FreeBSD's open(2)


> When a new file is created it is given the group of the directory which
> contains it.



Debian's open(2):



> The  group ownership (group ID) of the new file is set either to the effective group ID of the process (System V semantics) or              to the group ID of the parent directory (BSD semantics).  On Linux, the behavior depends on whether the set-group-ID mode  bit              is  set  on the parent directory: if that bit is set, then BSD semantics apply; otherwise, System V semantics apply.  For some              filesystems, the behavior also depends on the bsdgroups and sysvgroups mount options described in mount(8)).



Life's hard )


----------



## drhowarddrfine (Sep 4, 2019)

BSD life is simple.


----------



## SirDice (Sep 4, 2019)

If you want to change the group you could create a /var/log/nginx directory with www:www ownership and change your log file to /var/log/nginx/access.log.


----------

