From ca7c0f25b00b0e785eab5546ecfaee9f6c63585a Mon Sep 17 00:00:00 2001
From: thefosk <marco@mashape.com>
Date: Mon, 8 Feb 2016 12:43:43 -0800
Subject: [PATCH] The user directive is set only if the user is root

---
 kong.yml                    |  2 +-
 kong/cli/services/nginx.lua | 14 +++++++++++++-
 2 files changed, 14 insertions(+), 2 deletions(-)

diff --git a/kong.yml b/kong.yml
index ff94d18185c..13a2dc67605 100644
--- a/kong.yml
+++ b/kong.yml
@@ -164,7 +164,7 @@
 ## This file can tweaked to some extent, but many directives are necessary for Kong to work.
 ## /!\ BE CAREFUL
 nginx: |
-  user {{user}};
+  {{user}}
   worker_processes auto;
   error_log logs/error.log error;
   daemon on;
diff --git a/kong/cli/services/nginx.lua b/kong/cli/services/nginx.lua
index 0e4c6e2752d..a0c4b62abc1 100644
--- a/kong/cli/services/nginx.lua
+++ b/kong/cli/services/nginx.lua
@@ -59,11 +59,23 @@ local function get_current_user()
   return IO.os_execute("whoami")
 end
 
+local function get_primary_group(user)
+  return IO.os_execute("id -g -n "..user)
+end
+
+local function is_root()
+  local _, exit_code = IO.os_execute("[[ $EUID -eq 0 ]]")
+  return exit_code == 0
+end
+
 local function prepare_nginx_configuration(configuration, ssl_config)
+
+  local current_user = get_current_user()
+
   -- Extract nginx config from kong config, replace any needed value
   local nginx_config = configuration.nginx
   local nginx_inject = {
-    user = get_current_user(),
+    user = is_root() and "user "..current_user.." "..get_primary_group(current_user)..";" or "",
     proxy_listen = configuration.proxy_listen,
     proxy_listen_ssl = configuration.proxy_listen_ssl,
     admin_api_listen = configuration.admin_api_listen,