403 after changing root, but permissions look correct

Steve Holdoway steve at greengecko.co.nz
Sun Mar 23 21:35:28 UTC 2014


Having just had a similar problem with migrating a MySQL database, I
suggest that you check whether SELinux/Apparmor is running.

Why prople think it's ok to use a program that can be switched off in an
instant to improve their 'security' is and always will be a mystery to
me!

Cheers,

Steve

On Sun, 2014-03-23 at 11:48 -0400, Adam Pearlman wrote:
> I've been struggling with this for a few hours. 
> 
> I installed nginx 1.4.6 on Fedora 20. The test page displayed fine. I
> changed the root, leaving all other configuration the same, and I get
> a 403 Forbidden error. 
> 
> If I look at the permissions for the original test page and the new
> page, they appear identical.
> 
> Working test page:
> namei -om /usr/share/nginx/html/index.html
> f: /usr/share/nginx/html/index.html
> dr-xr-xr-x root root /
> drwxr-xr-x root root usr
> drwxr-xr-x root root share
> drwxr-xr-x root root nginx
> drwxr-xr-x root root html
> -rw-r--r-- root root index.html
> 
> Not working:
> namei -om /var/www/html/index.html
> f: /var/www/html/index.html
> dr-xr-xr-x root root /
> drwxr-xr-x root root var
> drwxr-xr-x root root www
> drwxr-xr-x root root html
> -rw-r--r-- root root index.html
> 
> The error log seems to be what I would expect as well:
> 2014/03/23 12:45:08 [error] 5490#0: *13 open()
> "/var/www/html/index.html" failed (13: Permission denied), client:
> XXX.XX.XXX.XXX, server: localhost, request: "GET /index.html
> HTTP/1.1", host: "ec2-XXX-XX-XXX-XXX.compute-1.amazonaws.com"
> 
> 
> The Nginx config has "user nginx" - I tried using root and it made no
> difference. I also made user ngnix the owner & group of the files, but
> that didn't work. If I move the index file from /var/www/html
> to /usr/share/nginx/html (the test file location) it works fine making
> me suspect the path, but as I said, permissions appear correct. 
> 
> 
> Any help would be very much appreciated. Thanks!
> 
> 
> - Adam
> 
> 
> I've included the config file below just in case:
> 
> 
> # For more information on configuration, see:
> #   * Official English Documentation: http://nginx.org/en/docs/
> #   * Official Russian Documentation: http://nginx.org/ru/docs/
> 
> user nginx;
> worker_processes  1;
> 
> error_log  /var/log/nginx/error.log;
> #error_log  /var/log/nginx/error.log  notice;
> #error_log  /var/log/nginx/error.log  info;
> 
> pid        /run/nginx.pid;
> 
> events {
>     worker_connections  1024;
> }
> 
> http {
>     include       /etc/nginx/mime.types;
>     default_type  application/octet-stream;
> 
>     log_format  main  '$remote_addr - $remote_user [$time_local]
> "$request" '
>                       '$status $body_bytes_sent "$http_referer" '
>                       '"$http_user_agent" "$http_x_forwarded_for"';
> 
>     access_log  /var/log/nginx/access.log  main;
> 
>     sendfile        on;
>     #tcp_nopush     on;
> 
>     #keepalive_timeout  0;
>     keepalive_timeout  65;
> 
>     #gzip  on;
> 
>     # Load modular configuration files from the /etc/nginx/conf.d
> directory.
>     # See http://nginx.org/en/docs/ngx_core_module.html#include
>     # for more information.
>     include /etc/nginx/conf.d/*.conf;
> 
>     index   index.html index.htm;
> 
>     server {
>         listen       80;
>         server_name  localhost;
>         root         /usr/share/nginx/html; ################THIS WORKS
>         #root         /var/www/html; #####################THIS DOESN'T
> 
>         #charset koi8-r;
> 
>         #access_log  /var/log/nginx/host.access.log  main;
> 
>         location / {
>         }
> 
>         # redirect server error pages to the static page /40x.html
>         #
>         error_page  404              /404.html;
>         location = /40x.html {
>         }
> 
>         # redirect server error pages to the static page /50x.html
>         #
>         error_page   500 502 503 504  /50x.html;
>         location = /50x.html {
>         }
> 
>         # proxy the PHP scripts to Apache listening on 127.0.0.1:80
>         #
>         #location ~ \.php$ {
>         #    proxy_pass   http://127.0.0.1;
>         #}
> 
>         # pass the PHP scripts to FastCGI server listening on
> 127.0.0.1:9000
>         #
>         #location ~ \.php$ {
>         #    root           html;
>         #    fastcgi_pass   127.0.0.1:9000;
>         #    fastcgi_index  index.php;
>         #    fastcgi_param  SCRIPT_FILENAME  /scripts
> $fastcgi_script_name;
>         #    include        fastcgi_params;
>         #}
> 
>         # deny access to .htaccess files, if Apache's document root
>         # concurs with nginx's one
>         #
>         #location ~ /\.ht {
>         #    deny  all;
>         #}
>     }
> 
>     # another virtual host using mix of IP-, name-, and port-based
> configuration
>     #
>     #server {
>     #    listen       8000;
>     #    listen       somename:8080;
>     #    server_name  somename  alias  another.alias;
>     #    root         html;
> 
>     #    location / {
>     #    }
>     #}
> 
> 
>     # HTTPS server
>     #
>     #server {
>     #    listen       443;
>     #    server_name  localhost;
>     #    root         html;
> 
>     #    ssl                  on;
>     #    ssl_certificate      cert.pem;
>     #    ssl_certificate_key  cert.key;
> 
>     #    ssl_session_timeout  5m;
> 
>     #    ssl_protocols  SSLv2 SSLv3 TLSv1;
>     #    ssl_ciphers  HIGH:!aNULL:!MD5;
>     #    ssl_prefer_server_ciphers   on;
> 
>     #    location / {
>     #    }
>     #}
> 
> }
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx

-- 
Steve Holdoway BSc(Hons) MIITP
http://www.greengecko.co.nz
Linkedin: http://www.linkedin.com/in/steveholdoway
Skype: sholdowa



More information about the nginx mailing list