0

I tried:

user nginx; ... ... location / { root /home/tango/www/html; }

Only to get 403 forbidden error. The /home/tango/www/html/index.html is generated by tango so I don't think I can put that in /var/www/html/ writing where requires root permission.

The error log confirms the permission error:

2020/07/28 11:50:12 [error] 122769#0: *533 open() "/home/tango/www/html/index.html" failed (13: Permission denied), client: XXX.YYY.ZZZ.AAA, server: , request: "GET /diagcte HTTP/1.1", host: "my.org"

However, ls -la /home/tango/www/html/index.html shows:

-rw-r--r--. 1 tango posixusers 212 Jul 28 11:33 /home/tb571/www/html/index.html

So the nginx user should have read permission.

Anyways, can you help with serving a non-root static file through nginx?

Improve this question
0

1 Answer 1

Reset to default
0

The parent directory of the file nginx is trying to access must also have suitable permissions, not just the file itself. Typically a /home directory is not accessible to other users.

You'd need to do something like chgrp -R nginx /home/tango ; chmod g+rx /home/tango, but consider the security implications of this in your own setup.

Depending on your distro, SELinux could also be denying permission. Try audit2allow -a to see if that is causing an issue.

However, it may be advisable to move the root somewhere else and give tango write access there, rather than giving nginx access to the /home directory.

Improve this answer
6
  • Hi @tetech, I did the latter, moved the root to /tmp/www/html/. Although index.html exists in the new root, now the error log says 2020/07/28 12:10:30 [error] 129758#0: *538 open() "/tmp/www/html/index.html" failed (2: No such file or directory), client: XXX.YY server: , request: "GET /index.html HTTP/1.1", host: "my.org" What can I do now? Commented Jul 28, 2020 at 16:13
  • If the nginx config has been updated and it has been restarted, file permissions are OK, then it should work; SELinux may not apply to you but is sometimes overlooked, try echo 0 > /selinux/enforce to disable temporarily, then re-try. Commented Jul 28, 2020 at 16:27
  • /tmp is also a bad choice, since different users might have their own /tmp directories. You should use /var/www/html. Commented Jul 28, 2020 at 19:49
  • Hi @TeroKilkanen, I already mentioned-- a non-root user does not have write permission in /var/www/html directory. Commented Jul 28, 2020 at 19:53
  • Then you should use some other directory where you can assign appropriate permissions, but not /tmp. Commented Jul 28, 2020 at 19:56

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.