Hi there!
I’ve just installed nginx and wondering why there are two processes.
One process is owned by root, the other one is owned by www-data.
PID  USER     PR NI VIRT   RES  SHR  S %CPU %MEM TIME+   COMMAND
7017 root     20 0  124972 1432 80   S 0.0  0.3  0:00.00 nginx
7018 www-data 20 0  125332 3168 1588 S 0.0  0.6  0:00.00 nginx
I didn’t change the nginx.conf yet, so the configured user is still www-data.
Is it correct that one process is owned by root? Is that a security risk I need to worry about?
Thank you very much!
The process owned by root is the nginx parent process. This process forks worker processes which are run by the user defined in nginx.conf.
The nginx process is running as www-data, so the root:www-data ownership would only work with group write permissions set. There is no major issue with running with your web files owned by www-data:www-data, but if you are concerned you could give ownership of wp-content to www-data and leave the rest of the install as root:www-data.
A bit of clarification - only the root user can listen on ports less than 1024. This is for security reasons, otherwise system users could eavesdrop on each other.
Since web traffic is typically hosted on ports 80 and 443, a web server actually needs to run as root in order to listen on and serve traffic over those ports.
To reduce the attack surface, increase stability (and probably other reasons) NGINX runs one parent process as root. The parent process manages spawning child processes as well as passing requests off to them. This means that the actual process that handles each request is non-root and less privileged.
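A check built on the master/worker model described in the answers above, as an added example that is not part of the original thread: it reads `ps` output and confirms that every nginx worker is a child of a master process and runs as the configured unprivileged user. The function names, the embedded sample input and the `www-data` argument are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the thread): audit nginx process ownership.
# Input on stdin: one process per line as "PID PPID USER ARGS...", e.g. from
#   ps -C nginx -o pid=,ppid=,user=,args=
# $1 is the expected worker account (assumed here: www-data, as in the question).
audit_nginx_procs() {
    awk -v want="$1" '
        $4 != "nginx:" { next }                    # skip non-nginx titles
        $5 == "master" { master[$1] = $3; next }   # master PID -> owner
        { ppid[$1] = $2; owner[$1] = $3; kind[$1] = $5; n++ }
        END {
            fail = 0
            for (p in master) {
                printf "INFO master pid=%s runs as %s\n", p, master[p]
            }
            for (p in owner) {
                if (!(ppid[p] in master)) {
                    # A worker not parented by a master is unexpected.
                    printf "FAIL %s pid=%s parent %s is not an nginx master\n", kind[p], p, ppid[p]
                    fail = 1
                } else if (owner[p] != want) {
                    # Covers the case that matters most: a worker left as root.
                    printf "FAIL %s pid=%s runs as %s, expected %s\n", kind[p], p, owner[p], want
                    fail = 1
                } else {
                    printf "OK   %s pid=%s runs as %s\n", kind[p], p, owner[p]
                }
            }
            if (n == 0) {
                print "FAIL no nginx worker processes in input"
                fail = 1
            }
            exit fail
        }'
}

# Constructed sample; PIDs and users mirror the top output in the question.
sample_ps() {
    cat <<'EOF'
7017    1 root     nginx: master process /usr/sbin/nginx
7018 7017 www-data nginx: worker process
EOF
}

sample_ps | audit_nginx_procs www-data
```

The function exits non-zero on any FAIL line, so it can be dropped into a cron job or a configuration-management check.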