403 after changing root, but permissions look correct
Steve Holdoway
steve at greengecko.co.nz
Sun Mar 23 21:35:28 UTC 2014
Having just had a similar problem with migrating a MySQL database, I
suggest that you check whether SELinux/Apparmor is running.
Why prople think it's ok to use a program that can be switched off in an
instant to improve their 'security' is and always will be a mystery to
me!
Cheers,
Steve
On Sun, 2014-03-23 at 11:48 -0400, Adam Pearlman wrote:
> I've been struggling with this for a few hours.
>
> I installed nginx 1.4.6 on Fedora 20. The test page displayed fine. I
> changed the root, leaving all other configuration the same, and I get
> a 403 Forbidden error.
>
> If I look at the permissions for the original test page and the new
> page, they appear identical.
>
> Working test page:
> namei -om /usr/share/nginx/html/index.html
> f: /usr/share/nginx/html/index.html
> dr-xr-xr-x root root /
> drwxr-xr-x root root usr
> drwxr-xr-x root root share
> drwxr-xr-x root root nginx
> drwxr-xr-x root root html
> -rw-r--r-- root root index.html
>
> Not working:
> namei -om /var/www/html/index.html
> f: /var/www/html/index.html
> dr-xr-xr-x root root /
> drwxr-xr-x root root var
> drwxr-xr-x root root www
> drwxr-xr-x root root html
> -rw-r--r-- root root index.html
>
> The error log seems to be what I would expect as well:
> 2014/03/23 12:45:08 [error] 5490#0: *13 open()
> "/var/www/html/index.html" failed (13: Permission denied), client:
> XXX.XX.XXX.XXX, server: localhost, request: "GET /index.html
> HTTP/1.1", host: "ec2-XXX-XX-XXX-XXX.compute-1.amazonaws.com"
>
>
> The Nginx config has "user nginx" - I tried using root and it made no
> difference. I also made user ngnix the owner & group of the files, but
> that didn't work. If I move the index file from /var/www/html
> to /usr/share/nginx/html (the test file location) it works fine making
> me suspect the path, but as I said, permissions appear correct.
>
>
> Any help would be very much appreciated. Thanks!
>
>
> - Adam
>
>
> I've included the config file below just in case:
>
>
> # For more information on configuration, see:
> # * Official English Documentation: http://nginx.org/en/docs/
> # * Official Russian Documentation: http://nginx.org/ru/docs/
>
> user nginx;
> worker_processes 1;
>
> error_log /var/log/nginx/error.log;
> #error_log /var/log/nginx/error.log notice;
> #error_log /var/log/nginx/error.log info;
>
> pid /run/nginx.pid;
>
> events {
> worker_connections 1024;
> }
>
> http {
> include /etc/nginx/mime.types;
> default_type application/octet-stream;
>
> log_format main '$remote_addr - $remote_user [$time_local]
> "$request" '
> '$status $body_bytes_sent "$http_referer" '
> '"$http_user_agent" "$http_x_forwarded_for"';
>
> access_log /var/log/nginx/access.log main;
>
> sendfile on;
> #tcp_nopush on;
>
> #keepalive_timeout 0;
> keepalive_timeout 65;
>
> #gzip on;
>
> # Load modular configuration files from the /etc/nginx/conf.d
> directory.
> # See http://nginx.org/en/docs/ngx_core_module.html#include
> # for more information.
> include /etc/nginx/conf.d/*.conf;
>
> index index.html index.htm;
>
> server {
> listen 80;
> server_name localhost;
> root /usr/share/nginx/html; ################THIS WORKS
> #root /var/www/html; #####################THIS DOESN'T
>
> #charset koi8-r;
>
> #access_log /var/log/nginx/host.access.log main;
>
> location / {
> }
>
> # redirect server error pages to the static page /40x.html
> #
> error_page 404 /404.html;
> location = /40x.html {
> }
>
> # redirect server error pages to the static page /50x.html
> #
> error_page 500 502 503 504 /50x.html;
> location = /50x.html {
> }
>
> # proxy the PHP scripts to Apache listening on 127.0.0.1:80
> #
> #location ~ \.php$ {
> # proxy_pass http://127.0.0.1;
> #}
>
> # pass the PHP scripts to FastCGI server listening on
> 127.0.0.1:9000
> #
> #location ~ \.php$ {
> # root html;
> # fastcgi_pass 127.0.0.1:9000;
> # fastcgi_index index.php;
> # fastcgi_param SCRIPT_FILENAME /scripts
> $fastcgi_script_name;
> # include fastcgi_params;
> #}
>
> # deny access to .htaccess files, if Apache's document root
> # concurs with nginx's one
> #
> #location ~ /\.ht {
> # deny all;
> #}
> }
>
> # another virtual host using mix of IP-, name-, and port-based
> configuration
> #
> #server {
> # listen 8000;
> # listen somename:8080;
> # server_name somename alias another.alias;
> # root html;
>
> # location / {
> # }
> #}
>
>
> # HTTPS server
> #
> #server {
> # listen 443;
> # server_name localhost;
> # root html;
>
> # ssl on;
> # ssl_certificate cert.pem;
> # ssl_certificate_key cert.key;
>
> # ssl_session_timeout 5m;
>
> # ssl_protocols SSLv2 SSLv3 TLSv1;
> # ssl_ciphers HIGH:!aNULL:!MD5;
> # ssl_prefer_server_ciphers on;
>
> # location / {
> # }
> #}
>
> }
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
--
Steve Holdoway BSc(Hons) MIITP
http://www.greengecko.co.nz
Linkedin: http://www.linkedin.com/in/steveholdoway
Skype: sholdowa
More information about the nginx
mailing list