How to Create Nginx User for spawn-fcgi After Source Compilation in Linux


4 views

When manually compiling Nginx from source on Linux systems (particularly CentOS/RHEL), you might encounter the spawn-fcgi: can't find user name nginx error during PHP FastCGI process startup. Unlike package manager installations (yum or apt), source compilation doesn't automatically create system users.

Execute these commands as root:

# For CentOS/RHEL:
groupadd -r nginx
useradd -r -g nginx -s /sbin/nologin -d /var/cache/nginx -c "Nginx web server" nginx

# For Debian/Ubuntu:
addgroup --system nginx
adduser --system --disabled-login --disabled-password --no-create-home --gecos "nginx web server" --ingroup nginx nginx

After user creation, set proper ownership for Nginx directories:

chown -R nginx:nginx /var/log/nginx
chown -R nginx:nginx /var/cache/nginx
chmod -R 755 /var/log/nginx

For PHP FastCGI processes, modify your spawn-fcgi configuration:

# Example spawn-fcgi init script modification
SPAWN_USER="nginx"
SPAWN_GROUP="nginx"
SPAWN_CHILDREN=6
/usr/bin/spawn-fcgi -a 127.0.0.1 -p 9000 -u $SPAWN_USER -g $SPAWN_GROUP -C $SPAWN_CHILDREN -f /usr/bin/php-cgi

Confirm the user exists and processes run correctly:

id nginx
ps aux | grep nginx
netstat -tulnp | grep 9000
  • Check SELinux contexts if permissions persist: restorecon -Rv /var/log/nginx
  • Validate user in /etc/passwd: grep nginx /etc/passwd
  • For systemd systems, create proper service files with User=nginx directive

When compiling Nginx from source instead of using package managers like yum (CentOS/RHEL) or apt (Debian/Ubuntu), you might encounter this common error when trying to start PHP FastCGI processes:

Starting php-cgi: spawn-fcgi: can't find user name nginx

Package managers automatically create system users during installation, but manual compilation doesn't handle this. The error occurs because:

  • Nginx expects to run worker processes under a dedicated "nginx" user
  • Your PHP FastCGI configuration references this non-existent user
  • Proper permission isolation is missing for security

Here's the complete solution for CentOS/RHEL systems:

# Create system user without login shell
sudo useradd -r -s /sbin/nologin nginx

# Verify the user was created
id nginx
# Should output: uid=998(nginx) gid=996(nginx) groups=996(nginx)

# Set proper ownership for Nginx directories
sudo chown -R nginx:nginx /var/log/nginx
sudo chown -R nginx:nginx /etc/nginx

Update your PHP FastCGI startup script (usually in /etc/init.d/php_cgi):

# Example spawn-fcgi configuration
SPAWNFCGI="/usr/bin/spawn-fcgi"
FCGI_HOST="127.0.0.1"
FCGI_PORT="9000"
FCGI_USER="nginx"
FCGI_GROUP="nginx"
FCGI_CHILDREN=4
FCGI_PID="/var/run/php-fcgi.pid"

$SPAWNFCGI -a $FCGI_HOST -p $FCGI_PORT -u $FCGI_USER -g $FCGI_GROUP \
           -C $FCGI_CHILDREN -P $FCGI_PID -- /usr/bin/php-cgi

After implementing these changes:

# Start services
sudo /etc/init.d/php_cgi start
sudo service nginx start

# Check running processes
ps aux | grep nginx
# Should show nginx worker processes running as nginx user

ps aux | grep php-cgi
# Should show PHP processes running as nginx user

For production environments, consider these additional measures:

  • Create separate users for different web applications if needed
  • Set umask 0027 for the nginx user
  • Implement proper SELinux/AppArmor policies
  • Regularly audit file permissions in web directories