question

yoonjung l. avatar image
yoonjung l. asked ·

Nginx user account & LD_PRELOAD

Hi,

I am doing POC with nginx 1.9.9. I installed Dynatrace 6.3 with latest fixpack as a general user(abc).

The nginx engine is started as a general user(abc), but the core engine is running as root user. The other forked processes are running as general user(abc). For more information, my customer uses startup script, and in contains many variables.

At first, I inserted the LD_PRELOAD option in the startup script (abc user), but the nginx engine was not started with segment fault and core dump.

Secondly, I inserted the LD_PRELOAD option in the .bash_profile, but the nginx engine was not started with segment fault and core dump.

Finally, I switched user as a root, and inserted LD_PRELOAD option in the .bash_profile, it was started.

My customer doesn't want to start the engine with root user.

Could be this issue related with file access permission? I've already changed the user (root), and the permission (777). Otherwise, what could be the reason of this case?

Thanks,

Yoonjung

6.3licenseNGINX
2 comments
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

is the customer using a self compiled version of Nginx or a version from a repository? If repository, which?

0 Likes 0 · ·

The customer is using self compiled version of Nginx, and the version is 1.9.9.

0 Likes 0 · ·
yoonjung l. avatar image
yoonjung l. answered ·

I tried to add LD_PRELOAD in nginx startup script, but the script runs nginx by daemon like "daemon --pidfile=${pidfile} ${nginx} -c ${conffile}. Therefore the LD_PRELOAD option is not applied. As I know the LD_PRELOAD is not inherited to other user processes. The master process is running by root user and the other forked processes are running by general user (not a super user). Therefore I separated startup script. The original startup script executes "daemon --pidfile=${pidfile} ${nginx_dt}", and the separated shell script(nginx.dt.sh) executes "sudo LD_PRELOAD ${DT_SO_FILE} ${nginx} -c ${conffile}. (${ngnx_dt}=/sw/nginx/sbin/nginx.dt.sh) I am not sure this workaround is the best way.

Share
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.

Harald Z. avatar image
Harald Z. answered ·

The agent needs a specific configuration (the offset file) to instrument Nginx. For known Nginx versions from a repository these offsets can be found in the default offset file. In the case where a self compiled version of Nginx is used, and the binary file contains debug symbols, the agent can create that configuration in a custom offset file, which is stored in the agent/conf directory in the Dynatrace folder structure. Therefore the agent (and Nginx) need write permissions to that directory. That's why it worked as root. However, once the file is created (after the first start), you should be able to run Nginx (and the agent) with your general user (abc). I would suggest to add LD_PRELOAD in the Nginx startup script (not .bash_profile).

Share
10 |2000000 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 50.0 MiB each and 250.0 MiB total.