Nginx: stat() failed (13: permission denied)
UbuntuNginxUbuntu Problem Overview
I am using the default config while adding the specific directory with nginx installed on my ubuntu 12.04 machine.
server {
#listen 80; ## listen for ipv4; this line is default and implied
#listen [::]:80 default ipv6only=on; ## listen for ipv6
index index.html index.htm;
# Make site accessible from http://localhost/
server_name localhost;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to index.html
root /username/test/static;
try_files $uri $uri/ /index.html;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
...
...
}
I just want a simple static nginx server to serve files out of that directory. However, checking the error.log I see
2014/09/10 16:55:16 [crit] 10808#0: *2 stat() "/username/test/static/index.html" failed (13: Permission denied), client:, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "domain"
2014/09/10 16:55:16 [error] 10808#0: *2 rewrite or internal redirection cycle while internally redirecting to "/index.html
I've already done chown -R www-data:www-data on /username/test/static, I've set them to chmod 755. I don't know what else needs to be set.
Ubuntu Solutions
Solution 1 - Ubuntu
Nginx operates within the directory, so if you can't cd to that directory from the nginx user then it will fail (as does the stat command in your log). Make sure the www-user can cd all the way to the /username/test/static. You can confirm that the stat will fail or succeed by running
sudo -u www-data stat /username/test/static
In your case probably the /username directory is the issue here. Usually www-data does not have permissions to cd to other users home directories.
The best solution in that case would be to add www-data to username group:
gpasswd -a www-data username
and make sure that username group can enter all directories along the path:
chmod g+x /username && chmod g+x /username/test && chmod g+x /username/test/static
For your changes to work, restart nginx
nginx -s reload
Solution 2 - Ubuntu
Nginx need to have +x access on all directories leading to the site's root directory.
Ensure you have +x on all of the directories in the path leading to the site's root. For example, if the site root is /home/username/siteroot:
chmod +x /home/
chmod +x /home/username
chmod +x /home/username/siteroot
Solution 3 - Ubuntu
I've just had the same problem on a CentOS 7 box.
Seems I'd hit selinux. Putting selinux into permissive mode (setenforce permissive) has worked round the problem for now. I'll try and get back with a proper fix.
Solution 4 - Ubuntu
On CentOS 7.0 I had this Access Deined problem caused by SELinux and these steps resolved the issue:
yum install -y policycoreutils-devel
grep nginx /var/log/audit/audit.log | audit2allow -M nginx
semodule -i nginx.pp
Update: Just a side-note from what I've learned while using digitalocean's virtual Linux servers, or as they call them Droplets. Using SELinux requires a decent amount of RAM. It's most probably like you won't be able to run and manage SELinux on a droplet with less than 2GB of RAM.
Solution 5 - Ubuntu
You may have Security-Enhanced Linux running, so add rule for that. I had permission 13 errors, even though permissions were set and user existed..
chcon -Rt httpd_sys_content_t /username/test/static
Solution 6 - Ubuntu
To check the default Nginx users:
sudo ps aux| grep nginx
You will get an output like this:
root 69558 0.0 0.0 66276 1708 ? Ss 10:14 0:00
nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
www-data 69559 0.0 0.1 66516 5540 ? S 10:14 0:00 nginx: worker process
www-data 69560 0.0 0.1 66516 6944 ? S 10:14 0:00 nginx: worker process
root 69794 0.0 0.0 8168 672 pts/1 S+ 10:19 0:00 grep --color=auto nginx
Also, check the nginx.conf file using any text editor of your choice: I will be using vim:
vim /etc/nginx/nginx.conf
Solution:
- Change the www-data user in the nginx.conf file to root, in case you are on root user.
- The Second solution is to add the user www-data to root group.
Solution 7 - Ubuntu
Symptom:
Could not upload images to WordPress Media Library.
Cause:
(CentOS) yum update
Error:
2014/10/22 18:08:50 [crit] 23286#0: *5332 open() "/var/lib/nginx/tmp/client_body/0000000003" failed (13: Permission denied), client: 1.2.3.4, server: _, request: "POST /wp-admin/media-new.php HTTP/1.1", host: "example.com", referrer: "http://example/wp-admin/media-new.php"
Solution:
chown -R www-data:www-data /var/lib/nginx
Solution 8 - Ubuntu
I finally found my way through. In short, let's say your username is joe and you hold a website under your personal filesystem /home/joe/path/to/website.
You literally have to tell the system that nginx is your pal.
Place nginx in joe group :
sudo gpasswd -a nginx joe
After that if it still doesn't work, check right access of /home/joe directory. That's probably the reason why nginx can't reach the file because even if he is your friend now you have to open him the door to your house :
sudo chmod g+x /home/joe
That's it. That's literally all you have to do to give nginx access to your local files :)
I don't think there are security concerns with this method because nginx is the high authority and only an admin can change the group. nginx can now read what's in joe directories. It's only a security breach if the holder of the nginx account is different with the user you open directory access from, but in my case I'm the holder of both parties, that is in a local context.
Solution 9 - Ubuntu
I faced this problem, I solved it to give permissions to nginx user and group something like this:
chown -R nginx:nginx /username/test/static
Solution 10 - Ubuntu
This is how i fixed this
sudo chmod o+x /home/ec2-user
Solution 11 - Ubuntu
By default the static data, when you install the nginx, will be in /var/www/html. So you can just copy your static folder into /var/html/ and set the
root /var/www/<your static folder>
in ngix.conf (or /etc/nginx/sites-available/default)
This worked for me on ubuntu but I guess it should not be much different for other distros.
Hope it helps.
Solution 12 - Ubuntu
In my case, the folder which served the files was a symbolic link to another folder, made with
ln -sf /origin /var/www/destination
Even though the permissions (user and group) where correct on the destination folder (the symbolic link), I still had the error because Nginx needed to have permissions to the origin folder whole's hierarchy as well.
Solution 13 - Ubuntu
Change your nginx.conf user property to www-static files owener.
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user your_user_name;
# same other config
Solution 14 - Ubuntu
I had the same issue, I am using Plesk Onyx 17 with Centos7. I could see this error in proxy_error_log under the affected domain's logs. All the dirs/files in /var/www/vhosts/ are owned by respective users (domain owners) and you can see that all of them are in psacln group. So solution was to add nginx also to this group, so he can see what he needs:
usermod -aG psacln nginx
And indeed, restart nginx and reload page with Ctrl+F5.
Solution 15 - Ubuntu
I found a work around: Moved the folder to nginx configuration folder, in my case "/etc/nginx/my-web-app". And then changed the permissions to root user "sudo chown -R root:root "my-web-app".
Solution 16 - Ubuntu
This is usually the privilege problem... For me, its because i use the /root/** as the nginx root, it need higher privilege. An easy way is just move the project into a directory created by yourself.
Solution 17 - Ubuntu
You can also add which user will run the nginx. In the nginx.conf file, make the following changes:
user root;
You can add the above line as the first line in your nginx conf. You can write the name of any user who has the permission to write in that directory.