Welcome! Log In Create A New Profile

Advanced

Centos 7 file permission problem

Previous Message Next Message
Forum List Message List New Topic Print View
gariac
December 20, 2017 03:08AM
I'm setting up a web server on a Centos 7 VPS. I'm relatively sure I
have the firewalls set up properly since I can see my browser requests
in the access and error log. That said, I have file permission problem.

nginx 1.12.2
Linux servername 3.10.0-693.5.2.el7.x86_64 #1 SMP Fri Oct 20 20:32:50 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux


nginx.conf (with comments removed for brevity and my domain name remove
because google)
-------
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

events {
worker_connections 1024;
}

http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main;

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;

include /etc/nginx/mime.types;
default_type application/octet-stream;

server {
listen 80;
server_name mydomain.com www.mydomain.com;

return 301 https://$host$request_uri;
}

server {
listen 443 ssl http2;
server_name mydomain.com www.mydomain.com;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
root /usr/share/nginx/html/mydomain.com/public_html;

ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem; # managed by Certbot
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;

location / {
root /usr/share/nginx/html/mydomain.com/public_html;
index index.html index.htm;
}
#
error_page 404 /404.html;
location = /40x.html {
}
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}

}

I have firefox set up with no cache and do not save history.
-------------------------------------------------------------
access log:

mypi - - [20/Dec/2017:07:46:44 +0000] "GET /index.html HTTP/2.0" 403 169
"-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101
Firefox/52.0" "-"

myip - - [20/Dec/2017:07:48:44 +0000] "GET /index.html
HTTP/2.0" 403 169 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0)
Gecko/20100101 Firefox/52.0" "-"
-------------------------------
error log:

2017/12/20 07:46:44 [error] 10146#0: *48 open() "/usr/share/nginx/html/mydomain.com/public_html/index.html" failed (13: Permission denied), client: myip, server: mydomain.com, request: "GET /index.html HTTP/2.0", host: "mydomain.com"
2017/12/20 07:48:44 [error] 10146#0: *48 open() "/usr/share/nginx/html/mydomain.com/public_html/index.html" failed (13: Permission denied), client: myip, server: mydomain.com, request: "GET /index.html HTTP/2.0", host: "mydomain.com"


Directory permissions:
For now, I made eveything 755 with ownership nginx:nginx I did chmod
and chown with the -R option

/etc/nginx:
drwxr-xr-x. 4 nginx nginx 4096 Dec 20 07:39 nginx

/usr/share/nginx:
drwxr-xr-x. 4 nginx nginx 33 Dec 15 08:47 nginx

/var/log:
drwx------. 2 nginx nginx 4096 Dec 20 07:51 nginx
--------------------------------------------------------------
systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2017-12-20 04:21:37 UTC; 3h 37min ago
Process: 10145 ExecReload=/bin/kill -s HUP $MAINPID (code=exited, status=0/SUCCESS)
Main PID: 9620 (nginx)
CGroup: /system.slice/nginx.service
├─ 9620 nginx: master process /usr/sbin/nginx
└─10146 nginx: worker process


Dec 20 07:18:33 servername systemd[1]: Reloaded The nginx HTTP and reverse proxy server.
--------------------------------------------------------------

ps aux | grep nginx
root 9620 0.0 0.3 71504 3848 ? Ss 04:21 0:00 nginx: master process /usr/sbin/nginx
nginx 10146 0.0 0.4 72004 4216 ? S 07:18 0:00 nginx: worker process
root 10235 0.0 0.0 112660 952 pts/1 S+ 08:01 0:00 grep ngin

-----------------------------------
firewall-cmd --zone=public --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: ssh dhcpv6-client http https
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Reply Quote
RSS
Subject Author Posted

Centos 7 file permission problem

gariac December 20, 2017 03:08AM

Re: Centos 7 file permission problem

Aziz Rozyev December 20, 2017 06:18AM

Re: Centos 7 file permission problem

gariac December 20, 2017 07:34PM

Re: Centos 7 file permission problem

方坤 December 21, 2017 12:22AM

Re: Centos 7 file permission problem

Aziz Rozyev December 21, 2017 02:08AM

Re: Centos 7 file permission problem

方坤 December 21, 2017 02:52AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 280
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready