File Upload Permissions Issues
VP Lists
lists at viaduct-productions.com
Tue Jun 26 20:56:55 UTC 2018
Hi folks.
I’m having a problem uploading any files of any significant size to a test site on my workstation.
2018/06/26 16:50:20 [crit] 36196#0: *1099 open() "/usr/local/var/run/nginx/client_body_temp/0000000018" failed (13: Permission denied), client: 127.0.0.1, server: pass1.local, request: "POST /upload HTTP/1.1", host: "pass1.local:8080", referrer: "http://pass1.local:8080/upload"
2018/06/26 16:50:20 [debug] 36196#0: *1099 http finalize request: 500, "/upload?" a:1, c:1
2018/06/26 16:50:20 [debug] 36196#0: *1099 event timer del: 16: 1530046280299
2018/06/26 16:50:20 [debug] 36196#0: *1099 http special response: 500, "/upload?"
2018/06/26 16:50:20 [debug] 36196#0: *1099 HTTP/1.1 500 Internal Server Error
Server: nginx/1.15.0
Date: Tue, 26 Jun 2018 20:50:20 GMT
Content-Type: text/html
Content-Length: 595
Connection: close
2018/06/26 16:50:20 [debug] 36196#0: *1099 write new buf t:1 f:0 00007FACB10021A0, pos 00007FACB10021A0, size: 162 file: 0, size: 0
2018/06/26 16:50:20 [debug] 36196#0: *1099 http write filter: l:0 f:0 s:162
2018/06/26 16:50:20 [debug] 36196#0: *1099 http output filter "/upload?"
2018/06/26 16:50:20 [debug] 36196#0: *1099 http copy filter: "/upload?"
2018/06/26 16:50:20 [debug] 36196#0: *1099 http postpone filter "/upload?" 00007FACB10023C0
2018/06/26 16:50:20 [debug] 36196#0: *1099 write old buf t:1 f:0 00007FACB10021A0, pos 00007FACB10021A0, size: 162 file: 0, size: 0
2018/06/26 16:50:20 [debug] 36196#0: *1099 write new buf t:0 f:0 0000000000000000, pos 000000010A332120, size: 140 file: 0, size: 0
2018/06/26 16:50:20 [debug] 36196#0: *1099 write new buf t:0 f:0 0000000000000000, pos 000000010A330F20, size: 53 file: 0, size: 0
2018/06/26 16:50:20 [debug] 36196#0: *1099 write new buf t:0 f:0 0000000000000000, pos 000000010A330FD0, size: 402 file: 0, size: 0
2018/06/26 16:50:20 [debug] 36196#0: *1099 http write filter: l:1 f:0 s:757
2018/06/26 16:50:20 [debug] 36196#0: *1099 http write filter limit 0
2018/06/26 16:50:20 [debug] 36196#0: *1099 writev: 757 of 757
2018/06/26 16:50:20 [debug] 36196#0: *1099 http write filter 0000000000000000
2018/06/26 16:50:20 [debug] 36196#0: *1099 http copy filter: 0 "/upload?"
2018/06/26 16:50:20 [debug] 36196#0: *1099 http finalize request: 0, "/upload?" a:1, c:1
2018/06/26 16:50:20 [debug] 36196#0: *1099 event timer add: 16: 5000:1530046225299
2018/06/26 16:50:20 [debug] 36196#0: *1099 http lingering close handler
2018/06/26 16:50:20 [debug] 36196#0: *1099 recv: eof:0, avail:73728, err:0
My nginx.conf has no set ‘user’ and here are the permissions set on the temp file upload folder for nginx:
$ ll /usr/local/var/run/nginx/
drwxr-xr-x 7 rich admin 238B Dec 8 2016 .
drwxr-xr-x 4 rich admin 136B Jun 19 15:19 ..
drwx------ 2 nobody admin 68B Dec 8 2016 client_body_temp
I have 4 workers owned by nobody:admin, and nginx is run as default, as root:admin.
Now this topic of permissions and “what user should run nginx” has come up before. Some say run as root, others say not. It’s my workstation, so it doesn’t really matter. It’s my dev box. The issue comes down to production.
Is there one way all of this should be run without the worried security devs out there from losing it? Since I’m here at another security issue with who runs what, maybe it’s a good time to get a consensus on how all this should be set up.
Cheers
_____________
Rich in Toronto @ VP
More information about the nginx
mailing list