nginx: "/root/index.html" forbidden (13: Permission denied)

Question

I am installing nginx. Here is the steps I followed:

• Make index.html file in /root directory

• edit /etc/nginx/nginx.conf. After edit it looks like this:

  user  nginx;
  worker_processes  1;
  
  error_log  /var/log/nginx/error.log;
  ...
  
  http {
     ...
  
     server {
          listen       80 default_server;
          server_name  my_domain_name.com;
          root   /root;
      ...
  }
  

• following this question I gave away permissions:

gpasswd -a nginx root

chmod g+x /root

(sorry, couldn't correctly format as code)

• I restarted server:

service nginx restart

I visited my_domain_name.com and got 403 error. /var/log/nginx/error.log content:

"/root/index.html" is forbidden (13: Permission denied), client: 117.211.86.108, server: my_domain_name.com, request: "GET / HTTP/1.1", host: "my_domain_name.com"

Answer 1

Oh! Please don't disable SELinux.

First — do you really need to serve files from /root? That's actually the home directory for the root user, not meant to be the web root. This is actually a very bad idea. Instead, use /var/www/html or (my preference) /srv/www. If you do use /root, make sure you're not exposing ssh keys or authorized_keys files, database passwords, or anything similar. It's really just a bad idea all around.

Second, rather than disabling SELinux (which, in this case, is protecting you from doing something dangerous), you should configure it properly. In Fedora, the SELinux policy as designed so nginx shares this with other webservers, so, using /srv/www/yoursite as the root,

chcon -R -t httpd_sys_content_t /srv/www/yoursite

should do it.

Answer 2

I was on an amazon linux instance, had to do

sudo chmod o+x /home/ec2-user/
sudo service nginx restart

Not sure what the security implications are.