Nginx download permissions error - Open() failed (13: Permission denied)

Question

I have a webpage with Nginx + Uwsgi + Django where I have an external path called /download to manage the downloads in Django (the user credentials) and the internal path /download-nginx to actually download the files on the directory /var/wwww/download. For the sake of trials, I have tried to do this with my username as well as the default nginx user. With both of them I get a permission denied error on Nginx:

open() "/var/www/download/example.txt" failed (13: Permission denied)

I have read several other solutions on SO telling that the problem is that the provided user in nginx.conf does not have enough permissions. The thing is that they do have enough permissions:

$ sudo -u nginx stat /var

  File: ‘/var’
  Size: 4096            Blocks: 8          IO Block: 4096   directory
Device: 802h/2050d      Inode: 50331745    Links: 21
Access: (0777/drwxrwxrwx)  Uid: (  996/   nginx)   Gid: (    0/    root)
Context: system_u:object_r:var_t:s0
Access: 2021-11-23 11:24:53.329927606 +0000
Modify: 2021-11-23 09:43:29.250244353 +0000
Change: 2021-11-23 11:21:37.151148760 +0000

Also, just in case I have done chmod 777 recursively on directory /var/wwww/download

My nginx.conf file is as follows:

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 4096;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    client_max_body_size 128M;
    proxy_max_temp_file_size 0;
    proxy_buffering off;
    server_names_hash_bucket_size 256;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    upstream django {
        server 127.0.0.1:8000;
    }

    server {
        listen       80;
        listen       [::]:80;
        server_name  _;
        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

    location /download-nginx {
            internal;
            alias /var/www/download;
            sendfile on;
            proxy_max_temp_file_size 0;
    }

    location / {
        uwsgi_pass django;
        proxy_read_timeout 300s;
        proxy_connect_timeout 75s;
        uwsgi_param Host $host;
        uwsgi_param X-Real-IP $remote_addr;
        uwsgi_param X-Forwarded-For $proxy_add_x_forwarded_for;
        uwsgi_param X-Forwarded-Proto $http_x_forwarded_proto;

        uwsgi_param QUERY_STRING $query_string;
        uwsgi_param REQUEST_METHOD $request_method;
        uwsgi_param CONTENT_TYPE $content_type;
        uwsgi_param CONTENT_LENGTH $content_length;
        uwsgi_param REQUEST_URI $request_uri;
        uwsgi_param PATH_INFO $document_uri;
        uwsgi_param DOCUMENT_ROOT $document_root;
        uwsgi_param SERVER_PROTOCOL $server_protocol;
        uwsgi_param HTTPS $https if_not_empty;
        uwsgi_param REMOTE_ADDR $remote_addr;
        uwsgi_param REMOTE_PORT $remote_port;
        uwsgi_param SERVER_PORT $server_port;
        uwsgi_param SERVER_NAME $server_name;
    }

    error_page 404 /404.html;
        location = /404.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    }

}

The download view on my Django webpage is as follows, (although the error I'm pretty sure that is not on this snippet):

def download(request):
    # Auth code is ommitted #
    response = HttpResponse()
    path = "/var/www/download/example.txt"
    name = "example.txt"
    response['Content-Length'] = os.path.getsize(path)
    response['X-Accel-Redirect'] = "/download-nginx/{0}".format(name)
    del response['Content-Type']
    del response['Content-Disposition']
    del response['Accept-Ranges']
    del response['Set-Cookie']
    del response['Cache-Control']
    del response['Expires']
    return response

Therefore, my question is: what should I do in my Centos machine in order to be able to access the data on /var/www/download and provide it to the users as downloadable elements?

Answer 1

Problem solved: Nginx needs +x permission on each of the directories. This was solved with:

sudo chmod +x /var
sudo chmod +x /var/www
sudo chmod +x /var/www/download