File Upload Permissions Issues

VP Lists lists at
Wed Jun 27 13:42:04 UTC 2018

> On Jun 27, 2018, at 2:02 AM, Maxim Dounin <mdounin at> wrote:
> Hello!

Hello again!

> On Wed, Jun 27, 2018 at 12:56:09AM -0400, VP Lists wrote:
> [...]
>> OK, here’s where things get interesting:
>> On MacOS El Capitan:  --http-client-body-temp-path=/usr/local/var/run/nginx/client_body_temp
>> /usr						drwxr-xr-x@   13 root  wheel   442B May 26  2017 usr	
>> /usr/local					drwxr-xr-x    28 rich  admin   952B Mar 30 16:12 local
>> /usr/local/var					drwx------    36 rich  admin   1.2K May  7 21:01 var
> Clearly "nobody" has no rights to work with anything in 
> /usr/local/var.  That's what causes the error you've faced.  You 
> have to fix it for things to work.

I changed it to 755.  Works now.  

> [...]
>> On two different boxes, two different OSes, showing variable 
>> eXecution permissions within the path.  Not only that, but in 
>> both instances, the client_body_temp permissions show “drwx- - - 
>> - - -“, and for two different owner:group combinations.  
>> Why would nginx allow this to happen?  Is it not thinkable that 
>> either nginx would state that a clear path to the directory 
>> responsible for receiving file uploads be permitted?  Or maybe 
>> the maintainers receiving this as a criteria for installation?  
>> I find this quite odd.  
>> Running around patching up path permissions to installed 
>> directories, specific to nginx, is truly strange.  
> Permissions on FreeBSD are perfectly fine.
> Permissions on macOS are broken due to incorrect permissions on 
> /usr/local/var, and it's clearly not nginx business to do anything 
> with permissions on the system-wide directory.
> If you think packaging system you've used to install things into 
> /usr/local/ could be better at maintaining correct permissions on 
> various folders under /usr/local/ - you may want to contact 
> authors of the packaging system.

With regards to system-wide directories and nginx choosing this as the target directory, I’m not versed in who has what right to do what during installation, with regards to chmod, chown, chgrp, etc.  As well, the same goes for package managers vs nginx.  I was just under the assumption it would all have a collective agreement that a sticky permission (t) would apply so that there could be some kind of installation functionality happening.  But I guess not, so the /usr/local/var permissions, even though a system-wide directory, needed to be changed.  


Rich in Toronto @ VP

More information about the nginx mailing list