403 after changing root, but permissions look correct

Adam Pearlman adam at adampearlman.com
Mon Mar 24 14:31:39 UTC 2014


Turns out this was my fault. I was using "sudo service nginx start" instead
of just "sudo nginx."


On Sun, Mar 23, 2014 at 5:35 PM, Steve Holdoway <steve at greengecko.co.nz>wrote:

> Having just had a similar problem with migrating a MySQL database, I
> suggest that you check whether SELinux/Apparmor is running.
>
> Why prople think it's ok to use a program that can be switched off in an
> instant to improve their 'security' is and always will be a mystery to
> me!
>
> Cheers,
>
> Steve
>
> On Sun, 2014-03-23 at 11:48 -0400, Adam Pearlman wrote:
> > I've been struggling with this for a few hours.
> >
> > I installed nginx 1.4.6 on Fedora 20. The test page displayed fine. I
> > changed the root, leaving all other configuration the same, and I get
> > a 403 Forbidden error.
> >
> > If I look at the permissions for the original test page and the new
> > page, they appear identical.
> >
> > Working test page:
> > namei -om /usr/share/nginx/html/index.html
> > f: /usr/share/nginx/html/index.html
> > dr-xr-xr-x root root /
> > drwxr-xr-x root root usr
> > drwxr-xr-x root root share
> > drwxr-xr-x root root nginx
> > drwxr-xr-x root root html
> > -rw-r--r-- root root index.html
> >
> > Not working:
> > namei -om /var/www/html/index.html
> > f: /var/www/html/index.html
> > dr-xr-xr-x root root /
> > drwxr-xr-x root root var
> > drwxr-xr-x root root www
> > drwxr-xr-x root root html
> > -rw-r--r-- root root index.html
> >
> > The error log seems to be what I would expect as well:
> > 2014/03/23 12:45:08 [error] 5490#0: *13 open()
> > "/var/www/html/index.html" failed (13: Permission denied), client:
> > XXX.XX.XXX.XXX, server: localhost, request: "GET /index.html
> > HTTP/1.1", host: "ec2-XXX-XX-XXX-XXX.compute-1.amazonaws.com"
> >
> >
> > The Nginx config has "user nginx" - I tried using root and it made no
> > difference. I also made user ngnix the owner & group of the files, but
> > that didn't work. If I move the index file from /var/www/html
> > to /usr/share/nginx/html (the test file location) it works fine making
> > me suspect the path, but as I said, permissions appear correct.
> >
> >
> > Any help would be very much appreciated. Thanks!
> >
> >
> > - Adam
> >
> >
> > I've included the config file below just in case:
> >
> >
> > # For more information on configuration, see:
> > #   * Official English Documentation: http://nginx.org/en/docs/
> > #   * Official Russian Documentation: http://nginx.org/ru/docs/
> >
> > user nginx;
> > worker_processes  1;
> >
> > error_log  /var/log/nginx/error.log;
> > #error_log  /var/log/nginx/error.log  notice;
> > #error_log  /var/log/nginx/error.log  info;
> >
> > pid        /run/nginx.pid;
> >
> > events {
> >     worker_connections  1024;
> > }
> >
> > http {
> >     include       /etc/nginx/mime.types;
> >     default_type  application/octet-stream;
> >
> >     log_format  main  '$remote_addr - $remote_user [$time_local]
> > "$request" '
> >                       '$status $body_bytes_sent "$http_referer" '
> >                       '"$http_user_agent" "$http_x_forwarded_for"';
> >
> >     access_log  /var/log/nginx/access.log  main;
> >
> >     sendfile        on;
> >     #tcp_nopush     on;
> >
> >     #keepalive_timeout  0;
> >     keepalive_timeout  65;
> >
> >     #gzip  on;
> >
> >     # Load modular configuration files from the /etc/nginx/conf.d
> > directory.
> >     # See http://nginx.org/en/docs/ngx_core_module.html#include
> >     # for more information.
> >     include /etc/nginx/conf.d/*.conf;
> >
> >     index   index.html index.htm;
> >
> >     server {
> >         listen       80;
> >         server_name  localhost;
> >         root         /usr/share/nginx/html; ################THIS WORKS
> >         #root         /var/www/html; #####################THIS DOESN'T
> >
> >         #charset koi8-r;
> >
> >         #access_log  /var/log/nginx/host.access.log  main;
> >
> >         location / {
> >         }
> >
> >         # redirect server error pages to the static page /40x.html
> >         #
> >         error_page  404              /404.html;
> >         location = /40x.html {
> >         }
> >
> >         # redirect server error pages to the static page /50x.html
> >         #
> >         error_page   500 502 503 504  /50x.html;
> >         location = /50x.html {
> >         }
> >
> >         # proxy the PHP scripts to Apache listening on 127.0.0.1:80
> >         #
> >         #location ~ \.php$ {
> >         #    proxy_pass   http://127.0.0.1;
> >         #}
> >
> >         # pass the PHP scripts to FastCGI server listening on
> > 127.0.0.1:9000
> >         #
> >         #location ~ \.php$ {
> >         #    root           html;
> >         #    fastcgi_pass   127.0.0.1:9000;
> >         #    fastcgi_index  index.php;
> >         #    fastcgi_param  SCRIPT_FILENAME  /scripts
> > $fastcgi_script_name;
> >         #    include        fastcgi_params;
> >         #}
> >
> >         # deny access to .htaccess files, if Apache's document root
> >         # concurs with nginx's one
> >         #
> >         #location ~ /\.ht {
> >         #    deny  all;
> >         #}
> >     }
> >
> >     # another virtual host using mix of IP-, name-, and port-based
> > configuration
> >     #
> >     #server {
> >     #    listen       8000;
> >     #    listen       somename:8080;
> >     #    server_name  somename  alias  another.alias;
> >     #    root         html;
> >
> >     #    location / {
> >     #    }
> >     #}
> >
> >
> >     # HTTPS server
> >     #
> >     #server {
> >     #    listen       443;
> >     #    server_name  localhost;
> >     #    root         html;
> >
> >     #    ssl                  on;
> >     #    ssl_certificate      cert.pem;
> >     #    ssl_certificate_key  cert.key;
> >
> >     #    ssl_session_timeout  5m;
> >
> >     #    ssl_protocols  SSLv2 SSLv3 TLSv1;
> >     #    ssl_ciphers  HIGH:!aNULL:!MD5;
> >     #    ssl_prefer_server_ciphers   on;
> >
> >     #    location / {
> >     #    }
> >     #}
> >
> > }
> > _______________________________________________
> > nginx mailing list
> > nginx at nginx.org
> > http://mailman.nginx.org/mailman/listinfo/nginx
>
> --
> Steve Holdoway BSc(Hons) MIITP
> http://www.greengecko.co.nz
> Linkedin: http://www.linkedin.com/in/steveholdoway
> Skype: sholdowa
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20140324/e66b5ae9/attachment-0001.html>


More information about the nginx mailing list