Nginx: Permission denied for nginx on Ubuntu
UbuntuNginxDebianVagrantPuppetUbuntu Problem Overview
I am new to system administration. After installing nginx via puppet on Ubuntu I get the following output:
[alert] could not open error log file: open() "/var/log/nginx/error.log" failed (13: Permission denied)
[warn] 1898#0: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:1
[emerg] 1898#0: open() "/var/log/nginx/access.log" failed (13: Permission denied)
How do I get rid of all of these messages?
I don't want to use command line directly (chown / chmod) and repeat it every time I create a new server. Therefore, I am thinking of what has to be added to the puppet manifest.
What is the best sysadmin practice in this case: to change owner / permissions for /var/log/nginx or to store logs in different location? If chown / chmod is the way to go, which specific permissions would ensure the highest level of security?
I tried this, but it didn't help:
file { '/var/log/nginx':
ensure => directory,
mode => '0755',
owner => 'www-data',
group => 'www-data',
recurse => true
}
Edited:
vagrant@precise64:~$ ps aux | grep [n]ginx
root 1001 0.0 0.1 62908 1388 ? Ss 08:47 0:00 nginx: master process /usr/sbin/nginx
www-data 1002 0.0 0.1 63260 1696 ? S 08:47 0:00 nginx: worker process
www-data 1003 0.0 0.1 63260 1696 ? S 08:47 0:00 nginx: worker process
www-data 1004 0.0 0.1 63260 1696 ? S 08:47 0:00 nginx: worker process
www-data 1005 0.0 0.1 63260 1696 ? S 08:47 0:00 nginx: worker process
Ubuntu Solutions
Solution 1 - Ubuntu
Make sure you are running the test as a superuser.
sudo nginx -t
Or the test wont have all the permissions needed to complete the test properly.
Solution 2 - Ubuntu
I faced similar issue while restarting Nginx and found it to be a cause of SeLinux. Be sure to give a try after either disabling SeLinux or temporarily setting it to Permissive mode using below command:
setenforce 0
I hope it helps :)
Solution 3 - Ubuntu
If i assume that your second code is the puppet config then i have a logical explaination, if the error and log files were create before, you can try this
sudo chown -R www-data:www-data /var/log/nginx;
sudo chmod -R 755 /var/log/nginx;
Solution 4 - Ubuntu
just because you don't have the right to acess the file , use
chmod -R 755 /var/log/nginx;
or you can change to sudo then it
Solution 5 - Ubuntu
if you don't want to start nginx as root.
first creat log file :
sudo touch /var/log/nginx/error.log
and then fix permissions:
sudo chown -R www-data:www-data /var/log/nginx
sudo find /var/log/nginx -type f -exec chmod 666 {} \;
sudo find /var/log/nginx -type d -exec chmod 755 {} \;
Solution 6 - Ubuntu
Permission to view log files is granted to users being in the group adm.
To add a user to this group on the command line issue:
sudo usermod -aG adm <USER>
Solution 7 - Ubuntu
For me, I just changed the selinux from enforcing to permissive and then I was able to start nginx without any error.
Solution 8 - Ubuntu
On Debian WSL (Windows Subsystem for Linux) I had to use:
sudo chmod -R 775 /var/log/nginx
Solution 9 - Ubuntu
Found a good description what to do.
# support running as arbitrary user which belogs to the root group
RUN chmod g+rwx /var/cache/nginx /var/run /var/log/nginx
# users are not allowed to listen on priviliged ports
RUN sed -i.bak 's/listen\(.*\)80;/listen 8081;/' /etc/nginx/conf.d/default.conf
EXPOSE 8081
# comment user directive as master process is run as user in OpenShift anyhow
RUN sed -i.bak 's/^user/#user/' /etc/nginx/nginx.conf
Fixing all the issues with running NGNIX without root.
Solution 10 - Ubuntu
I just patch nginx binary replacing path /var/log/nginx/error.log
and other with local path.
$ perl -pi \
-e 's@/var/log/nginx/@_var_log_nginx/@g;' \
-e 's@/var/lib/nginx/@_var_lib_nginx/@g;' \
-e 's@/var/run/nginx.pid@_var_run/nginx.pid@g;' \
-e 's@/run/nginx.pid@_run/nginx.pid@g;' \
< /usr/sbin/nginx > nginx
$ chmod +x nginx
$ mkdir _var_log_nginx _var_lib_nginx _var_run _run
$ ./nginx -p . -c nginx.conf
It works for testing.
Solution 11 - Ubuntu
This works for me,
sudo chmod -R 777 /var/log/nginx
Solution 12 - Ubuntu
Nginx needs to run by command 'sudo /etc/init.d/nginx start'