diff options
author | Izorkin <izorkin@elven.pw> | 2019-05-30 14:11:56 +0300 |
---|---|---|
committer | Izorkin <izorkin@elven.pw> | 2019-12-15 11:21:08 +0300 |
commit | 2a413da57efc4c2009c984c63def8e9060771269 (patch) | |
tree | 701753f28d6e627defaeaafda3e118b1f48d3f70 /nixos/doc | |
parent | ed5c0443c1f759551b2c71a98daa8c2b7e242f73 (diff) | |
download | nixpkgs-2a413da57efc4c2009c984c63def8e9060771269.tar nixpkgs-2a413da57efc4c2009c984c63def8e9060771269.tar.gz nixpkgs-2a413da57efc4c2009c984c63def8e9060771269.tar.bz2 nixpkgs-2a413da57efc4c2009c984c63def8e9060771269.tar.lz nixpkgs-2a413da57efc4c2009c984c63def8e9060771269.tar.xz nixpkgs-2a413da57efc4c2009c984c63def8e9060771269.tar.zst nixpkgs-2a413da57efc4c2009c984c63def8e9060771269.zip |
nixos/nginx: do not run anything as root
Diffstat (limited to 'nixos/doc')
-rw-r--r-- | nixos/doc/manual/release-notes/rl-2003.xml | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/nixos/doc/manual/release-notes/rl-2003.xml b/nixos/doc/manual/release-notes/rl-2003.xml index 579b8d53744..55bd88ba850 100644 --- a/nixos/doc/manual/release-notes/rl-2003.xml +++ b/nixos/doc/manual/release-notes/rl-2003.xml @@ -251,6 +251,18 @@ </listitem> <listitem> <para> + The nginx web server previously started its master process as root + privileged, then ran worker processes as a less privileged identity user. + This was changed to start all of nginx as a less privileged user (defined by + <literal>services.nginx.user</literal> and + <literal>services.nginx.group</literal>). As a consequence, all files that + are needed for nginx to run (included configuration fragments, SSL + certificates and keys, etc.) must now be readable by this less privileged + user/group. + </para> + </listitem> + <listitem> + <para> OpenSSH has been upgraded from 7.9 to 8.1, improving security and adding features but with potential incompatibilities. Consult the <link xlink:href="https://www.openssh.com/txt/release-8.1"> |