Hi, guys.
Can you tell me where I've gone wrong in my nginx + php-fpm setup? The server log shows the following error for a simple script that runs phpinfo().
2014/09/04 22:06:10 [crit] 3944#0: *455 open() "/var/lib/nginx/tmp/fastcgi/7/04/0000000047" failed (13: Permission denied) while reading upstream, client: xx.xxx.xx.xx, server: xxx.xxx.xxx.xxx, request: "GET /info.php HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "xxx.xxx.xxx.xxx"
Which configs should I paste here so that you can help? Which user should have the permissions? What should the permissions be? And where should this user be specified in the files?
Thanks a lot
P.S. CentOS 6+ is installed
I am using the default config while adding the specific directory with nginx installed on my ubuntu 12.04 machine.
server {
    #listen 80; ## listen for ipv4; this line is default and implied
    #listen [::]:80 default ipv6only=on; ## listen for ipv6
    index index.html index.htm;
    # Make site accessible from http://localhost/
    server_name localhost;
    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to index.html
        root /username/test/static;
        try_files $uri $uri/ /index.html;
        # Uncomment to enable naxsi on this location
        # include /etc/nginx/naxsi.rules
    }
    ...
    ...
}
I just want a simple static nginx server to serve files out of that directory. However, checking the error.log I see
2014/09/10 16:55:16 [crit] 10808#0: *2 stat() "/username/test/static/index.html" failed (13: Permission denied), client:, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "domain"
2014/09/10 16:55:16 [error] 10808#0: *2 rewrite or internal redirection cycle while internally redirecting to "/index.html
I’ve already done chown -R www-data:www-data on /username/test/static, I’ve set them to chmod 755. I don’t know what else needs to be set.
techraf
asked Sep 10, 2014 at 20:59
3
Nginx operates within the directory, so if you can’t cd to that directory from the nginx user then it will fail (as does the stat command in your log). Make sure the www-user can cd all the way to the /username/test/static. You can confirm that the stat will fail or succeed by running
sudo -u www-data stat /username/test/static
In your case probably the /username directory is the issue here. Usually www-data does not have permissions to cd to other users’ home directories.
The best solution in that case would be to add www-data to username group:
gpasswd -a www-data username
and make sure that username group can enter all directories along the path:
chmod g+x /username && chmod g+x /username/test && chmod g+x /username/test/static
For your changes to work, restart nginx
nginx -s reload
Freedom_Ben
answered Sep 10, 2014 at 22:26
Maciej Sz
11
Nginx needs to have +x access on all directories leading to the site’s root directory.
Ensure you have +x on all of the directories in the path leading to the site’s root. For example, if the site root is /home/username/siteroot:
chmod +x /home/
chmod +x /home/username
chmod +x /home/username/siteroot
answered Apr 28, 2017 at 18:09
Sairam Krish
3
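The traversal requirement described in the two answers above can be checked one path component at a time. This script is an added example, not code from any of the posts; it assumes GNU stat, and the uid/gid 64001 and the temporary directory tree are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: list the directories on the way to a path that a given
# uid/gid set cannot traverse. Only owner/group/other mode bits are
# evaluated; POSIX ACLs and SELinux are not. Requires GNU stat.

# blocked_dirs ABS_PATH UID "GID GID ..."  prints one blocking dir per line
blocked_dirs() {
    bd_dir=$1 bd_uid=$2 bd_gids=$3
    case $bd_dir in /*) ;; *) echo "absolute path required" >&2; return 2 ;; esac
    [ "$bd_uid" -eq 0 ] && return 0          # root is not bound by mode bits
    [ -d "$bd_dir" ] || bd_dir=$(dirname "$bd_dir")
    while :; do
        # owner uid, group gid and octal mode of this path component
        set -- $(stat -L -c '%u %g %a' "$bd_dir")
        [ $# -eq 3 ] || return 2             # component missing or unreadable
        bd_perm=$((0$3))
        if [ "$bd_uid" -eq "$1" ]; then
            bd_x=$((bd_perm & 0100))         # owner class: u+x
        else
            case " $bd_gids " in
                *" $2 "*) bd_x=$((bd_perm & 0010)) ;;   # group class: g+x
                *)        bd_x=$((bd_perm & 0001)) ;;   # everyone else: o+x
            esac
        fi
        [ "$bd_x" -ne 0 ] || printf '%s\n' "$bd_dir"
        [ "$bd_dir" = / ] && break
        bd_dir=$(dirname "$bd_dir")
    done
    return 0
}

# Constructed demo tree mirroring the question: "username" is mode 750 (a
# common home-directory mode), test/static below it is 755.
demo=$(mktemp -d)
mkdir -p "$demo/username/test/static"
chmod 755 "$demo" "$demo/username/test" "$demo/username/test/static"
chmod 750 "$demo/username"
demo_gid=$(stat -c '%g' "$demo/username")

# 64001 is a made-up uid/gid standing in for www-data.
echo "www-data outside the group:"
blocked_dirs "$demo/username/test/static" 64001 64001
# After `gpasswd -a www-data username` the worker also holds the directory's
# group, and 750 already carries g+x, so "username" is no longer reported.
echo "www-data inside the group:"
blocked_dirs "$demo/username/test/static" 64001 "64001 $demo_gid"
rm -rf "$demo"

# On a real host: blocked_dirs /username/test/static "$(id -u www-data)" "$(id -G www-data)"
```

An empty result with the error still in the log points away from mode bits and toward ACLs or SELinux, which this check does not evaluate.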
I’ve just had the same problem on a CentOS 7 box.
Seems I’d hit selinux. Putting selinux into permissive mode (setenforce permissive) has worked round the problem for now. I’ll try and get back with a proper fix.
answered Jun 17, 2015 at 16:43
10
On CentOS 7.0 I had this Access Denied problem caused by SELinux and these steps resolved the issue:
yum install -y policycoreutils-devel
grep nginx /var/log/audit/audit.log | audit2allow -M nginx
semodule -i nginx.pp
Update: Just a side-note from what I’ve learned while using DigitalOcean’s virtual Linux servers, or as they call them, Droplets. Using SELinux requires a decent amount of RAM. Most probably you won’t be able to run and manage SELinux on a droplet with less than 2GB of RAM.
answered Jun 20, 2015 at 9:46
Achilles
2
You may have Security-Enhanced Linux running, so add a rule for that.
I had permission 13 errors, even though permissions were set and the user existed.
chcon -Rt httpd_sys_content_t /username/test/static
answered Mar 9, 2016 at 13:04
Artjom Kurapov
2
To check the default Nginx users:
sudo ps aux| grep nginx
You will get an output like this:
root 69558 0.0 0.0 66276 1708 ? Ss 10:14 0:00 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
www-data 69559 0.0 0.1 66516 5540 ? S 10:14 0:00 nginx: worker process
www-data 69560 0.0 0.1 66516 6944 ? S 10:14 0:00 nginx: worker process
root 69794 0.0 0.0 8168 672 pts/1 S+ 10:19 0:00 grep --color=auto nginx
Also, check the nginx.conf file using any text editor of your choice: I will be using vim:
vim /etc/nginx/nginx.conf
Solution:
- Change the www-data user in the nginx.conf file to root, in case you are on root user.
- The second solution is to add the user www-data to the root group.
answered Nov 28, 2021 at 10:52
Boanerges
4
This is how I fixed this:
sudo chmod o+x /home/ec2-user
answered Nov 16, 2020 at 14:24
3
I finally found my way through. In short, let’s say your username is joe and you hold a website under your personal filesystem /home/joe/path/to/website.
You literally have to tell the system that nginx is your pal.
Place nginx in joe group:
sudo gpasswd -a nginx joe
After that if it still doesn’t work, check right access of /home/joe directory. That’s probably the reason why nginx can’t reach the file because even if he is your friend now you have to open him the door to your house:
sudo chmod g+x /home/joe
That’s it. That’s literally all you have to do to give nginx access to your local files
I don’t think there are security concerns with this method because nginx is the high authority and only an admin can change the group. nginx can now read what’s in joe directories. It’s only a security breach if the holder of the nginx account is different with the user you open directory access from, but in my case I’m the holder of both parties, that is in a local context.
answered Jan 26, 2020 at 5:17
vdegenne
1
Symptom:
Could not upload images to WordPress Media Library.
Cause:
(CentOS) yum update
Error:
2014/10/22 18:08:50 [crit] 23286#0: *5332 open() "/var/lib/nginx/tmp/client_body/0000000003" failed (13: Permission denied), client: 1.2.3.4, server: _, request: "POST /wp-admin/media-new.php HTTP/1.1", host: "example.com", referrer: "http://example/wp-admin/media-new.php"
Solution:
chown -R www-data:www-data /var/lib/nginx
answered Oct 22, 2014 at 18:14
PJ Brunet
I faced this problem; I solved it by giving permissions to the nginx user and group, something like this:
chown -R nginx:nginx /username/test/static
answered Aug 26, 2017 at 3:39
julian salas
1
Change your nginx.conf user property to www-static files owner.
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user your_user_name;
# same other config
answered Feb 1, 2019 at 3:39
By default the static data, when you install the nginx, will be in /var/www/html.
So you can just copy your static folder into /var/html/ and set the
root /var/www/<your static folder>
in nginx.conf (or /etc/nginx/sites-available/default)
This worked for me on ubuntu but I guess it should not be much different for other distros.
Hope it helps.
answered Mar 29, 2016 at 1:10
Patrik Bego
In my case, the folder which served the files was a symbolic link to another folder, made with
ln -sf /origin /var/www/destination
Even though the permissions (user and group) were correct on the destination folder (the symbolic link), I still had the error because Nginx needed to have permissions to the origin folder’s whole hierarchy as well.
answered Oct 12, 2017 at 1:57
I had the same issue, I am using Plesk Onyx 17 with Centos7. I could see this error in proxy_error_log under the affected domain’s logs. All the dirs/files in /var/www/vhosts/ are owned by respective users (domain owners) and you can see that all of them are in psacln group. So solution was to add nginx also to this group, so he can see what he needs:
usermod -aG psacln nginx
And indeed, restart nginx and reload page with Ctrl+F5.
answered Mar 22, 2017 at 23:46
I found a work around:
Moved the folder to nginx configuration folder, in my case «/etc/nginx/my-web-app».
And then changed the permissions to root user «sudo chown -R root:root my-web-app».
answered May 8, 2018 at 9:53
This is usually the privilege problem… For me, it’s because I use the /root/** as the nginx root, it needs higher privilege. An easy way is just to move the project into a directory created by yourself.
answered May 28, 2020 at 16:15
You can also add which user will run the nginx. In the nginx.conf file, make the following changes:
user root;
You can add the above line as the first line in your nginx conf.
You can write the name of any user who has the permission to write in that directory.
answered Dec 7, 2019 at 8:38
I am trying to migrate my website data to a new server and keep getting this error. I set up public key access and was able to complete rsync with a .txt file. I then wanted to try a directory and it isn’t working. This is my first time using rsync so please let me know if you need more information.
Edit: both are remote servers; the old is Ubuntu 14.04.4 and the new is Ubuntu 18.04.3
I have sudo permissions on each but I probably don’t own the directory I am trying to move. I don’t know how to find out.
$ rsync -rt /var/www kiana@123.456.789.00:/home
rsync: recv_generator: mkdir "/home/www" failed: Permission denied (13)
*** Skipping any contents from this failed directory ***
rsync: readlink_stat("/var/www/vhosts/testing.site.org/wp-config.php") failed: Permission denied (13)
rsync: readlink_stat("/var/www/vhosts/testing.site.org/wp-mail.php") failed: Permission denied (13)
rsync: readlink_stat("/var/www/vhosts/testing.site.org/wordpress") failed: Permission denied (13)
rsync: readlink_stat("/var/www/vhosts/testing.site.org/wp-signup.php") failed: Permission denied (13)
rsync: readlink_stat("/var/www/vhosts/testing.site.org/wp-trackback.php") failed: Permission denied (13)
rsync error: some files/attrs were not transferred (see previous errors) (code 23) at main.c(1183) [sender=3.1.0]
asked Sep 11, 2019 at 14:15
kiana
3
This part here:
rsync: recv_generator: mkdir "/home/www" failed: Permission denied (13)
seems to say that the user kiana does not have sufficient permission on the /home-folder of the remote server in order to write to it.
How to check folder permissions
Performing ls -l | grep home from / on the remote server should give you a tell of who owns the folder and what access permissions it has. Standard for the home-folder is that root:root owns it with 755 as folder permissions (read more about folder and file permissions here)
$ ls -l | grep home
drwxr-xr-x 3 root root 4096 21 mar 14.24 home
This output states that the user root with group root owns the folder (d) home and has full permission (rwx), while others of the group root as well as others have read/execute permission (r-x) but not write permission.
A user having sudo-rights means that said user may temporarily have root-privileges after authentication, which is not really plausible with rsync.
Conclusion
As you are not the actual root user performing the rsync (which for security reasons you shouldn’t be), you do not have write-permission on /home folder. I would suggest that you try to save the webserver data in another place where user kiana may be able to write (e.g. /tmp/, /opt/ etc).
answered Sep 11, 2019 at 15:04
Odecif
Another solution is to add --rsync-path="sudo rsync" to the local rsync command. Then your next problem is that you cannot type on the remote server (no tty, no interactive prompt). At least one workaround for that is to temporarily set NOPASSWD: (insecure: no password to sudo!) at the sudoers line for your user. Once the rsync command is running, you can remove the insecure config.
Someone first needs to have logged into your server to abuse the temporary sudo insecurity. But weigh the pros and cons.
answered Dec 10, 2022 at 4:11
The issue is directory permissions: /home is typically only writeable by root.
For example, running ls on my machine shows root/root:
$ ls -laF /home
total 12
drwxr-xr-x 3 root root 4096 Aug 20 2018 ./
drwxr-xr-x 24 root root 4096 Sep 3 09:00 ../
Your best option is to create a directory in /home by ssh’ing into that machine running:
#Note the sudo, or you'd have to su to root
sudo mkdir /home/www
#Then change the ownership so the user kiana can write to it:
sudo chown kiana:kiana /home/www
roaima
answered Sep 11, 2019 at 14:46
snorp
Posted by k0xy
again, httpd.conf must specify the group and the user that the web server runs as.
here are the lines from httpd.conf:
User apache
Group apache
everything seems to be as it should here too.
And those entries from the files (passwd, group) that I quoted in my previous post: is everything fine there? Or can the problem not be there?
Added 52 minutes later
I noticed an interesting peculiarity:
when going directly to the captcha file (without having visited the registration page first) www.test.domen.com/index_kcaptcha.php, the image is displayed
When you go to the registration page, the captcha is not displayed. The URL in the IMG is index_kcaptcha.php?PHPSESSID=39om160ciu29c3i71e1li1kbk5
With that URL it no longer wants to display. And now, even if you go directly to the captcha file www.test.domen.com/index_kcaptcha.php, even without the ?PHPSESSID=39om160ciu29c3i71e1li1kbk5 parameter, some browsers (Firefox and Opera) show a plain line on a white background, www.test.domen.com/index_kcaptcha.php, but AS AN IMAGE!!!
And IE produced the error <br />
<b>Warning</b>: session_start() [<a href=’function.session-start’>function.session-start</a>]: open(/var/lib/php/session/sess_fp5eu3o4h8cm9f39ft1k3svqb2, O_RDWR) failed: Permission denied (13) in <b>/var/www/sequoiac/data/www/test.domen.com/index_kcaptcha.php</b> on line <b>46</b><br />
яШяаJFIFяю;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90
followed by about 50 lines of gibberish
This behaviour occurs only after the file has been requested with the parameter!
Possibly what is output on the page (the error or the line) depends not on the browser but on the sequence of actions; I don't know, I haven't managed to check that yet.
What could this be? Any ideas at all? Below is the code of the index_kcaptcha.php file. It calls the class; the captcha itself is generated in another file. I can post it if that helps
P.S. Everything works fine locally.
Here is the code of the file where the session is used
I am trying to set up my own web server to learn a bit more about server admin.
I have decided that I want to serve each sites files from a public_html folder inside the users /home directory.
I have installed Nginx, edited the nginx.conf and changed the username / group to nginx.
I have added a new user for the new site and changed the vhosts file to look like so;
server {
    listen 80;
    listen [::]:80;
    server_name website.com www.website.com;
    root /home/website/public_html;
    index index.html index.htm index.php;
    location / {
        try_files $uri $uri/ =404;
    }
    # The dot is escaped so that only names ending in ".php" match
    location ~* \.php$ {
        fastcgi_pass unix:/var/run/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}
But when I try and get to the site, it returns a 404 Not Found.
When I check the error log, I am seeing the following errors;
2019/01/02 19:49:45 [crit] 18248#0: *1 stat() "/home/website/public_html/" failed (13: Permission denied)
Any chance someone has come across this before and could tell me how to handle it?
I have had a look around and saw some posts about getenforce, but when I run it, it says Disabled.
I am using CentOS7 if that makes any difference.
Cheers,