Centos 7 file permission problem

Aziz Rozyev arozyev at nginx.com
Wed Dec 20 11:17:18 UTC 2017


Hi,

have you checked this with disabled selinux ? 

br,
Aziz.





> On 20 Dec 2017, at 11:07, lists at lazygranch.com wrote:
> 
> I'm setting up a web server on a Centos 7 VPS. I'm relatively sure I
> have the firewalls set up properly since I can see my browser requests
> in the access and error log. That said, I have file permission problem. 
> 
> nginx 1.12.2
> Linux servername 3.10.0-693.5.2.el7.x86_64 #1 SMP Fri Oct 20 20:32:50 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
> 
> 
> nginx.conf (with comments removed for brevity and my domain name remove
> because google)
> -------
> user nginx;
> worker_processes auto;
> error_log /var/log/nginx/error.log;
> pid /run/nginx.pid;
> 
> events {
>    worker_connections 1024;
> }
> 
> http {
>    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
>                      '$status $body_bytes_sent "$http_referer" '
>                      '"$http_user_agent" "$http_x_forwarded_for"';
> 
>    access_log  /var/log/nginx/access.log  main;
> 
>    sendfile            on;
>    tcp_nopush          on;
>    tcp_nodelay         on;
>    keepalive_timeout   65;
>    types_hash_max_size 2048;
> 
>    include             /etc/nginx/mime.types;
>    default_type        application/octet-stream;
> 
> server {
>        listen 80;
>        server_name mydomain.com www.mydomain.com;
> 
>        return 301 https://$host$request_uri;
> }
> 
>    server {
>        listen       443 ssl  http2;
>        server_name  mydomain.com www.mydomain.com;
>        ssl_dhparam /etc/ssl/certs/dhparam.pem;
>        root         /usr/share/nginx/html/mydomain.com/public_html;
> 
> ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem; # managed by Certbot
> ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem; # managed by Certbot
>        ssl_ciphers HIGH:!aNULL:!MD5;
>        ssl_prefer_server_ciphers on;
> 
>        location / {
>            root   /usr/share/nginx/html/mydomain.com/public_html;
>            index  index.html index.htm;
>        }
> #
>        error_page 404 /404.html;
>            location = /40x.html {
>        }
> #
>        error_page 500 502 503 504 /50x.html;
>            location = /50x.html {
>        }
>    }
> 
> }
> 
> I have firefox set up with no cache and do not save history.
> -------------------------------------------------------------
> access log:
> 
> mypi - - [20/Dec/2017:07:46:44 +0000] "GET /index.html HTTP/2.0" 403 169
> "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
> Firefox/52.0" "-"
> 
> myip - - [20/Dec/2017:07:48:44 +0000] "GET /index.html
> HTTP/2.0" 403 169 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0)
> Gecko/20100101 Firefox/52.0" "-"
> -------------------------------
> error log:
> 
> 2017/12/20 07:46:44 [error] 10146#0: *48 open() "/usr/share/nginx/html/mydomain.com/public_html/index.html" failed (13: Permission denied), client: myip, server: mydomain.com, request: "GET /index.html HTTP/2.0", host: "mydomain.com"
> 2017/12/20 07:48:44 [error] 10146#0: *48 open() "/usr/share/nginx/html/mydomain.com/public_html/index.html" failed (13: Permission denied), client: myip, server: mydomain.com, request: "GET /index.html HTTP/2.0", host: "mydomain.com"
> 
> 
> Directory permissions:
> For now, I made eveything 755 with ownership nginx:nginx I did chmod
> and chown with the -R option
> 
> /etc/nginx:
> drwxr-xr-x.  4 nginx nginx    4096 Dec 20 07:39 nginx
> 
> /usr/share/nginx:
> drwxr-xr-x.   4 nginx nginx    33 Dec 15 08:47 nginx
> 
> /var/log:
> drwx------. 2 nginx  nginx    4096 Dec 20 07:51 nginx
> --------------------------------------------------------------
> systemctl status nginx
> ● nginx.service - The nginx HTTP and reverse proxy server
>   Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
>   Active: active (running) since Wed 2017-12-20 04:21:37 UTC; 3h 37min ago
>  Process: 10145 ExecReload=/bin/kill -s HUP $MAINPID (code=exited, status=0/SUCCESS)
> Main PID: 9620 (nginx)
>   CGroup: /system.slice/nginx.service
>           ├─ 9620 nginx: master process /usr/sbin/nginx
>           └─10146 nginx: worker process
> 
> 
> Dec 20 07:18:33 servername systemd[1]: Reloaded The nginx HTTP and reverse proxy server.
> --------------------------------------------------------------
> 
> ps aux | grep nginx
> root      9620  0.0  0.3  71504  3848 ?        Ss   04:21   0:00 nginx: master process /usr/sbin/nginx
> nginx    10146  0.0  0.4  72004  4216 ?        S    07:18   0:00 nginx: worker process
> root     10235  0.0  0.0 112660   952 pts/1    S+   08:01   0:00 grep ngin
> 
> -----------------------------------
> firewall-cmd --zone=public --list-all
> public (active)
>  target: default
>  icmp-block-inversion: no
>  interfaces: eth0
>  sources: 
>  services: ssh dhcpv6-client http https
>  ports: 
>  protocols: 
>  masquerade: no
>  forward-ports: 
>  source-ports: 
>  icmp-blocks: 
>  rich rules:
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx



More information about the nginx mailing list