SWAG: can nginx access other user's directory?

hi there,

I use SWAG inside a docker container. I am user ubuntu and have my stuff at /home/ubuntu/swag/…
Running nginx and accessing normal files under /home/ubuntu/swag/www

I have a friend whom I want to give a subdomain on my server. I set up a new username (say user2) with his home directory at /home/user2

Inside my docker-compose, I set up a volume link to his home directory:

  - /home/user2:/user2

I set up a subdomain proxy file for nginx and in the server section, I set:

root /user2/www;

Now, when I try to access the subdomain, I see that nginx doesn’t have access to his directory (error.log):

2024/03/22 11:53:10 [crit] 452#452: *2 stat() “/user2/www/index.html” failed (13: Permission denied)

I have tried to add user ubuntu to the group user2 (as /home/user2/www is owned by user2:user2) but it didn’t work.

How can I fix this permission issue?

Thank you!

either run two nginx instances (one under each user)
or put a common group on both users’ nginx folders and run nginx as that group, ensuring the folders/files allow read access to the group

So I think I need to change the default group of user2 to ubuntu (as I don’t see how the SWAG container can run 2 instances of nginx).
Are there any security risks with doing that?

you would run two containers

are you asking if there are security risks with giving another user’s group access to a different user’s whole home directory? :smiley: