index php is forbidden 13 permission denied
403 Forbidden nginx (13) permission denied
To start with i’ve just freshly started off with linux, still wrapping my head around a lot of things. So i’m pretty sure its a simple fix i haven’t been able to figure out 🙂
This is Centos 6 on a vps
I’ve been trying to look for a solution on the net, but i haven’t had much luck
I keep getting a forbidden error when i try to access my webpage, this is what the nginx error log shows:
I’ve tried to add permission to the user group ‘nginx’ to read and write, via chmod, but it didnt work.
my nginx config.conf is as shown:
and the nginx defult.conf is:
the www.conf file has the group and user changed to nginx.
thanks for your time 🙂
Related
Join 1M+ other developers and:
For those who has SELinux == Enforcing and Nginx returns 403 for static files :
Enable SELinux httpdcannetwork_connect feature
check SELinux enforce
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
I was having exactly the same issue:
In my case, i had copied the .conf files in *conf.d** from another folder, of another user (notroot).
Whereas it should be something like:
The solution was to recreate the conf files directly in the conf.d folder, instead of copying them from another location:
That way, the file had the right permissions and SELinux context, and i didn’t had to modify any SELinux config…
Nginx: stat() failed (13: permission denied)
I am using the default config while adding the specific directory with nginx installed on my ubuntu 12.04 machine.
I just want a simple static nginx server to serve files out of that directory. However, checking the error.log I see
16 Answers 16
In your case probably the /username directory is the issue here. Usually www-data does not have permissions to cd to other users home directories.
The best solution in that case would be to add www-data to username group:
and make sure that username group can enter all directories along the path:
For your changes to work, restart nginx
Nginx need to have +x access on all directories leading to the site’s root directory.
Ensure you have +x on all of the directories in the path leading to the site’s root. For example, if the site root is /home/username/siteroot:
I’ve just had the same problem on a CentOS 7 box.
Seems I’d hit selinux. Putting selinux into permissive mode ( setenforce permissive ) has worked round the problem for now. I’ll try and get back with a proper fix.
On CentOS 7.0 I had this Access Deined problem caused by SELinux and these steps resolved the issue:
Update: Just a side-note from what I’ve learned while using digitalocean’s virtual Linux servers, or as they call them Droplets. Using SELinux requires a decent amount of RAM. It’s most probably like you won’t be able to run and manage SELinux on a droplet with less than 2GB of RAM.
You may have Security-Enhanced Linux running, so add rule for that. I had permission 13 errors, even though permissions were set and user existed..
Could not upload images to WordPress Media Library.
By default the static data, when you install the nginx, will be in /var/www/html. So you can just copy your static folder into /var/html/ and set the
in ngix.conf (or /etc/nginx/sites-available/default)
This worked for me on ubuntu but I guess it should not be much different for other distros.
I faced this problem, I solved it to give permissions to nginx user and group something like this:
Change your nginx.conf user property to www-static files owener.
You literally have to tell the system that nginx is your pal.
Place nginx in joe group :
After that if it still doesn’t work, check right access of /home/joe directory. That’s probably the reason why nginx can’t reach the file because even if he is your friend now you have to open him the door to your house :
That’s it. That’s literally all you have to do to give nginx access to your local files 🙂
I don’t think there are security concerns with this method because nginx is the high authority and only an admin can change the group. nginx can now read what’s in joe directories. It’s only a security breach if the holder of the nginx account is different with the user you open directory access from, but in my case I’m the holder of both parties, that is in a local context.
nginx error connect to php5-fpm.sock failed (13: Permission denied)
I update nginx to 1.4.7 and php to 5.5.12, After that I got the 502 error. Before I update everything works fine.
25 Answers 25
I had a similar error after php update. PHP fixed a security bug where o had rw permission to the socket file.
Uncomment all permission lines, like:
Note: if your webserver runs as user other than www-data, you will need to update the www.conf file accordingly
All the fixes currently mentioned here basically enable the security hole all over again.
What I ended up doing is adding the following lines to my PHP-FPM configuration file.
Make sure that www-data is actually the user the nginx worker is running as. For debian it’s www-data by default.
@Xander’s solution works, but does not persist after a reboot.
Sample from www.conf:
Edit: Per @Chris Burgess, I’ve changed this to the more secure method.
/var/run Only holds information about the running system since last boot, e.g., currently logged-in users and running daemons. (http://en.wikipedia.org/wiki/Filesystem_Hierarchy_Standard#Directory_structure).
Side note:
If you have tried everything in this post but are not having success getting PHP to work, this is what fixed it for my case:
Make sure you have these lines uncommented in /etc/php5/fpm/pool.d/www.conf:
Make sure /etc/nginx/fastcgi_params looks like this:
These two lines were missing from my /etc/nginx/fastcgi_params, make sure they are there!
Then, restart php5-fpm and nginx. Should do the trick.
In fact, «listen.mode» should be: «0660» and not «0666» as Other Writable or Other Readable is never a good choice here.
So try to find out as which user/group your webserver runs. I use CentOs and it runs as user «nginx» So add to your php-fpm.conf:
finally restart php-fpm
Check which user runs nginx. As of Ubuntu 12.04 nginx runs by nginx user which is not a member of www-data group.
and restarting nginx and php5-fpm daemons solves the problem.
Alternative to broadening permissions in your php config, you could change the user specified in your nginx config.
On the first line of your nginx.conf excerpt above, the user and group are specified as www and www, respectively.
Meanwhile, your php config probably specifies a user and group of www-data:
You might change the line in your nginx.conf, to any of the following, then:
Consideration must also be given to your individual FPM pools, if any.
I couldn’t figure out why none of these answers was working for me today. This had been a set-and-forget scenario for me, where I had forgotten that listen.user and listen.group were duplicated on a per-pool basis.
If you used pools for different user accounts like I did, where each user account owns their FPM processes and sockets, setting only the default listen.owner and listen.group configuration options to ‘nginx’ will simply not work. And obviously, letting ‘nginx’ own them all is not acceptable either.
For each pool, make sure that
Otherwise, you can leave the pool’s ownership and such alone.
I just got this error again today as I updated my machine (with updates for PHP) running Ubuntu 14.04. The distribution config file /etc/php5/fpm/pool.d/www.conf is fine and doesn’t require any changes currently.
I found the following errors:
The strange thing was that I have 2 sites running that utilize PHP-FPM on this machine one was running fine and the other (a Tiny Tiny RSS installation) gave me a 502, where both have been running fine before.
Both configuration files now contain the following block and are running fine again:
Update
It should be noted that Ubuntu ships two fastcgi related parameter files and also a configuration snippet which is available since Vivid and also in the PPA version. The solution was updated accordingly.
Diff of the fastcgi parameter files:
Configuration snippet in /etc/nginx/snippets/fastcgi-php.conf
The following simple fix worked for me, bypassing possible permissions issues with the socket.
In your nginx config, set fastcgi_pass to:
This must match the listen = parameter in /etc/php5/fpm/pool.d/www.conf, so also set this to:
Then restart php5-fpm and nginx
The problem in my case was that the Nginx web server was running as user nginx and the pool was running as user www-data.
I solved the issue by changing the user Nginx is running at in the /etc/nginx/nginx.conf file (could be different on your system, mine is Ubuntu 16.04.1)
then restart Nginx: service nginx restart
I had the similar error.
All recommendations didn’t help.
The only replacement www-data with nginx has helped:
I have fixed same issue on Amazon Linux AMI 2016.09 (Centos 7) by taking following steps.
Open your www.conf files (Example : sudo nano /etc/php-fpm.d/www.conf) Lastly, find the lines that set the listen.owner and listen.group and change their values from «nobody» to «nginx»:
Lastly, find the lines that set the user and group and change their values from «apache» to «nginx»:
Restart php-fpm (sudo service php-fpm restart)
The most important thing here is wich user is using nginx then do you need specify it as well
in your case the user and group is «www» so just replace it.
Just to add, on CentOS (and probably Red Hat and Fedora) the file to change the permissions to is at:
If you have different pool per user make sure user and group are set correctly in configuration file. You can find nginx user in /etc/nginx/nginx.conf file. nginx group is same as nginx user.
Also check SELINUX (/etc/selinux):
In my case php-fpm wasn’t running at all, so I just had to start the service 😂
Just see /etc/php5/php-fpm.conf pid = /var/run/php5-fpm.pid IS PID file
In file /etc/php5/fpm/pool.d/www.conf
listen = /var/run/php5-fpm.sock IS SOCKET file
After upgrading from Ubuntu 14.04 lts to Ubuntu 16.04 lts I found a yet another reason for this error that I haven’t seen before.
During the upgrading process I had somehow lost my php5-fpm executable altogether. All the config files were intact and it took me a while to realize that service php5-fpm start didn’t really start a process, as it did not show any errors.
In order to solve this problem I upgraded php from version 5.5 to 7.0. apt-get install php-fpm did the trick as a side effect. After that and installing other necessary packages everything was back to normal.
This upgrading solution may have problems of its own, however. Since php has evolved quite a bit, it’s possible that the software will break in unimaginable ways. So, even though I did go down that path, you may want to keep the version you’re fond of just for a while longer.
Luckily, there seems to be a neat way for that, as described on The Customize Windows site:
Neater solution as it might be, I didn’t try that. I expect the next couple of days will tell me whether I should have.
Nignx Permission denied
Добрый день друзья!
Помогите победить проблему. Centos 7 установлен nginx
Сейчас я уже для тестов все сбросил на дефолт
Вот права на папку уже до абсурда 777
на сайте соответственно
Что ему еще то надо от меня? Подскажите советом. Спасибо.
права на
/usr/
/usr/share/
/usr/share/nginx
?
попробуй переключиться на пользователя nginx (su) и открыть эти файлы, может что прояснится.
Не могу понять, проблема в пользователе?
Ну а выше по директориям какие права?
/var/lib/nginx это домашняя директория nginx, если даже в нее нет доступа явно что то глобальное с правами не так. Не силен в SeLinux но я бы в его сторону копал.
В этом и главный вопрос ) Сервер стоит в стандарте, только после установки.
Если кто-то может подсказать то дайте совет. Пока покопаю в сторону SeLinux хотя он и по все показателям выключен.
любым другим пользователем попробуй посмотреть содержимое директории /usr/share/nginx/html.
Создал пользователя test пробую зайти под ним пишет
Ясно что-то в системе не так,
Я первый раз работаю с CentOS 7, всегда 6,5
Оказалось дело вот в чем, проверим права, я понял что практически везде ошибка доступа. Проблема оказалась глобальна.
Проверив права на корень /
Стало понятно что с такими правами ничего не разаботает
И все завилось.. логика не понятная, зачем и почему? Напомню что это сервер reg.ru в стандарте, тоесть ничего не менялось.
Может я конечно не профи и чего то не понимаю, но права сомнительны.
Это проблемы reg.ru
По дефолту у установленной centos 7 права не такие
Попрбуй сделать так, для честности:
И да, останови в режиме демона и запусти nginx из терминала + strace. посмотри что выводит при обращении к страничке.
Отличный способ потролить кого нибудь) надо запомнить)
(13: Permission denied) while connecting to upstream:[nginx]
I am working with configuring Django project with Nginx and Gunicorn.
Below is the content of my nginx.conf file;
What mistake am I doing?
10 Answers 10
Disclaimer
Make sure there are no security implications for your use-case before running this.
Answer
I had a similar issue getting Fedora 20, Nginx, Node.js, and Ghost (blog) to work. It turns out my issue was due to SELinux.
This should solve the problem:
Details
I checked for errors in the SELinux logs:
And found that running the following commands fixed my issue:
Option #2 (untested, but probably more secure)
References
I’ve run into this problem too. Another solution is to toggle the SELinux boolean value for httpd network connect to on (Nginx uses the httpd label).
You can see a list of all available SELinux booleans for httpd using
I have solved my problem by running my Nginx as the user I’m currently logged in with, mulagala.
By default the user as nginx is defined at the very top section of the nginx.conf file as seen below;
However, this may not address the actual problem and may actually have casual side effect(s).
For an effective solution, please refer to Joseph Barbere’s solution.
Had a similar problem on Centos 7. When I tried to apply the solution prescribed by Sorin, I started moving in cycles. First I had a permission
Obtained using sudo cat /var/log/audit/audit.log | grep nginx | grep denied as explained above.
So I solved them one at a time, toggling the flags on one at a time.
Then running the commands specified by @sorin and @Joseph above