Thursday, February 3, 2011

Permission problems, nginx can't access my site

So, I'm having some problems with my permissions.

I have a directory named /sites/ and within that directory i have a couple of more directories of all my vhosts. One of them for example is /sites/rb.

/sites/rb/application/.. /sites/rb/public_html/index.php

I'm editing the files over sFTP, with my user "jimp", jimp is part of the group www-pub.

chown –R root:www-pub /sites/rb

If i simply type "touch abc" i get this: -rw-r--r-- 1 jimp www-pub 0 30 jun 23.55 abc

and if i create a file with my sftp client i get: -rw-r--r-- 1 jimp www-pub 0 30 jun 23.55 abc_sftp

The problem is that nginx can't access my site. Nginx error log: 2010/06/30 23:45:36 [crit] 5459#0: *3 stat() "/sites/rb/public_html/index" failed (13: Permission denied), client: 11.11.11.111, server: rb.rb.com, request: "GET /index HTTP/1.1", host: "rb.rb.com"

I'm using php5-fpm.

I'm sorry for my poor english. I would appreciate any help very much because this is not my area! :-)

From serverfault Jimps

  • is

    /sites/rb/public_html/

    at least chmod 711?

    Actually, in looking at that a little closer, it looks like it is trying to access /sites/rb/public_html/ on your filesystem rather than the correct path. It would seem that you may have

    location / {
    root /sites/rb/public_html/;
}

    rather than having the proper full path for root.

    Jimps : Yes! drwxrw-r-- 6 jimp www-pub 4096 30 jun 19.26 public_html
    karmawhore : those permissions would be incorrect. At a minimum, you need to chmod 711 that directory. You have it currently set to chmod 762, which doesn't give nginx the ability to traverse the public_html directory.
    Jimps : location / { root /sites/rb/public_html/; index index.php index.html; if (!-f $request_filename) { rewrite ^(.*)$ /index.php?$1 last; } } location ~ \.php$ { fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /sites/rb/public_html$fastcgi_script_name; include fastcgi_params; } That's my config. And to be clear, if I for example set all files and folders to 755 it works.
    Jimps : Also want to say that I never used serverfault before, i apologize if I'm doing it wrong!
    karmawhore : 755 or 711 would work. Nginx didn't have permissions to read the directory listing. Reading the directory listing requires the execute privilege. So, if you set it to 711 or 755 and it works, what problem are you having?
    karmawhore : Usually easier to edit your question to post configurations since comments don't allow formatting.
    Jimps : Ok with 711 it Do work but then i get permission errors on the files, codeigniter is outputing som errors of "Permission denied" when trying to include a bunch of files. I have my application and system directory outside public_html. Which permissions should theese folder and files have?
    Jimps : OK, now it seems to work. After: find /sites/rb/ -type d -exec chmod 0711 {} \; and find /sites/rb/ -type f -exec chmod 0664 {} \;, tell me if it's wrong but if not, thank you very much!
    karmawhore : 711 allows nginx to find the file if it knows it exists. Any subdirectory you have, or, the folders that contain your scripts that are outside the webroot need at a minimum 711. You would need 755 on your webroot directory to allow it to look for files if they weren't specified. Nginx handles this differently than apache which is why 711 works. If you are getting permission denied on included files, some part of the directory path is missing 711/755 permissions or the file being included doesn't have 644 permissions.
    karmawhore : in looking at this a little closer, do you have nginx running with the group of www-pub? If so, you wouldn't need the world readable/executable bit. Your line in your nginx.conf file might contain user www-data; You could add www-pub; to the end of the user statement and restart nginx to use your group permissions.
    Jimps : No, but i added that now. But it seems like the problems wasn't solved. I opened app.css in my editor and saved it over sftp and the permissions became "-rw-------", before it was 644. My editor is set to 644.
    karmawhore : the umask setting in your environment is set to be quite restrictive. You might look in a file called .bash_profile, .bashrc, .profile, depending on the shell you're using and set umask 022 which should set it so that sftp properly writes the permissions.
    Jimps : Awesome! It seems to work properly now. Thank you so much again, karmawhore! :D
    From karmawhore
Posted by Ku XI at 8:44 AM

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)