Add users to nginx-agent group
This page describes how the F5 NGINX Agent process interacts with the NGINX user on a system, and how to add users to the NGINX Agent group.
During installation, NGINX Agent detects the NGINX user (typically nginx) for the master and worker processes and adds this user to a group called nginx-agent.
If you change the NGINX username after installing the NGINX Agent, you’ll need to add the new username to the nginx-agent group so that the NGINX socket has the proper permissions.
A failure to update the nginx-agent group when the NGINX username changes may result in non-compliance errors for NGINX Plus.
NGINX Agent creates a socket in the default location /var/run/nginx-agent/nginx.sock. You can customize this location by editing the nginx-agent.conf file and setting the path similar to the following example:
nginx:
...
socket: "unix:/var/run/nginx-agent/nginx.sock"The socket server starts when the NGINX socket configuration is enabled; the socket configuration is enabled by default.
To manually add NGINX users to the nginx-agent group, take the following steps:
-
Verify the
nginx-agentgroup exists:sudo getent group | grep nginx-agentThe output looks similar to the following example:
nginx-agent:x:1001:root,nginxIf the group doesn’t exist, create it by running the following command:
sudo groupadd nginx-agent -
Verify the ownership of
/var/run/nginx-agentdirectory:ls -l /var/run/nginx-agentThe output looks similar to the following:
total 0 srwxrwxr-x 1 root nginx-agent 0 Jun 13 10:51 nginx.sockvvIf the group ownership is not
nginx-agent, change the ownership by running the following command:sudo chown :nginx-agent /var/run/nginx-agent -
To add NGINX user(s) to the
nginx-agentgroup, run the following command:sudo usermod -a -G nginx-agent <username>For example to add the
nginxuser, take the following step:sudo usermod -a -G nginx-agent nginxRepeat for all NGINX users.