Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Why does Nginx return a 403 even though all permissions are set properly?

I have Nginx setup and displaying the test page properly. If I try to change the root path, I get a 403 Forbidden error, even though all permissions are identical. Additionally, the nginx user exists.

nginx.conf:

user nginx; worker_processes  1;  error_log  /var/log/nginx/error.log;  pid        /run/nginx.pid;  events {     worker_connections  1024; }  http {     index   index.html index.htm;      server {         listen       80;         server_name  localhost;         root         /var/www/html; #changed from the default /usr/share/nginx/html     } } 

namei -om /usr/share/nginx/html/index.html

f: /usr/share/nginx/html/index.html dr-xr-xr-x root root / drwxr-xr-x root root usr drwxr-xr-x root root share drwxr-xr-x root root nginx drwxr-xr-x root root html -rw-r--r-- root root index.html 

namei -om /var/www/html/index.html

f: /var/www/html/index.html dr-xr-xr-x root root / drwxr-xr-x root root var drwxr-xr-x root root www drwxr-xr-x root root html -rw-r--r-- root root index.html 

error log

2014/03/23 12:45:08 [error] 5490#0: *13 open() "/var/www/html/index.html" failed (13: Permission denied), client: XXX.XX.XXX.XXX, server: localhost, request: "GET /index.html HTTP/1.1", host: "ec2-XXX-XX-XXX-XXX.compute-1.amazonaws.com"

like image 675
Adam Pearlman Avatar asked Mar 23 '14 02:03

Adam Pearlman


People also ask

What are the reasons for 403 Forbidden?

The 403 Forbidden error appears when your server denies you permission to access a page on your site. This is mainly caused by a faulty security plugin, a corrupt . htaccess file, or incorrect file permissions on your server.

What permissions does NGINX need?

NGINX must run with it own unprivileged user, which is nginx (RHEL-based systems) or www-data (Debian-based systems).

How do I fix Error 403 Forbidden in Ubuntu?

If the file or any similar files are not found, and directory index listings are disabled, the web server displays the '403 Forbidden' error message. To fix the issue, add a default directory index. 3. Make sure there is a file in the webroot folder with this name and upload it if it's missing.


2 Answers

I experienced the same problem and it was due to SELinux.

To check if SELinux is running:

# getenforce 

To disable SELinux until next reboot:

# setenforce Permissive 

Restart Nginx and see if the problem persists. If you would like to permanently alter the settings you can edit /etc/sysconfig/selinux

If SELinux is your problem you can run the following to allow nginx to serve your www directory (make sure you turn SELinux back on before testing this. i.e, # setenforce Enforcing)

# chcon -Rt httpd_sys_content_t /path/to/www 

If you're still having issues take a look at the boolean flags in getsebool -a, in particular you may need to turn on httpd_can_network_connect for network access

# setsebool -P httpd_can_network_connect on 

For me it was enough to allow http to serve my www directory.

like image 72
Kurt Avatar answered Oct 11 '22 19:10

Kurt


First of all you have to run following command to allow nginx to access filesystem

sudo setsebool -P httpd_read_user_content 1

You can check if the files or directory with following command:

ls -Z 

If it is still not accessible, you can try changing the SELinux property of the files and folder with following command:

chcon -Rt httpd_sys_content_t /path/to/www 

However, above command cannot apply to files under FUSE or NFS system.

To enable serving files from FUSE mounts, you can use:

setsebool httpd_use_fusefs 1 

To enable serving files from NFS mounts, you can use:

setsebool httpd_use_nfs 1 
like image 39
Terry Lam Avatar answered Oct 11 '22 21:10

Terry Lam