403 Forbidden nginx (13) permission denied

Posted May 26, 2015 183.2k views

To start with i’ve just freshly started off with linux, still wrapping my head around a lot of things. So i’m pretty sure its a simple fix i haven’t been able to figure out :)

This is Centos 6 on a vps

I’ve been trying to look for a solution on the net, but i haven’t had much luck
I keep getting a forbidden error when i try to access my webpage, this is what the nginx error log shows:

/usr/Solder/TechnicSolder/public/index.php" is forbidden (13: Permission denied), client:, server: http://Example/, request: "GET / HTTP/1.1", host: "http://Example/"

I’ve tried to add permission to the user group ‘nginx’ to read and write, via chmod, but it didnt work.

my nginx config.conf is as shown:

user              nginx;
worker_processes  4;

error_log  /var/log/nginx/error.log;
#error_log  /var/log/nginx/error.log  notice;
#error_log  /var/log/nginx/error.log  info;

pid        /var/run/;

events {
    worker_connections  1024;

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    # Load config files from the /etc/nginx/conf.d directory
    # The default server is in conf.d/default.conf
    include /etc/nginx/conf.d/*.conf;


and the nginx defult.conf is:

# The default server
server {
    listen       80 default_server;
    server_name  http://Example/;

    #charset koi8-r;

    #access_log  logs/host.access.log  main;

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;

    location / {
        root   /usr/Solder/TechnicSolder/public;
        index  index.php index.html index.htm;

    error_page  404              /404.html;
    location = /404.html {
        root   /usr/share/nginx/html;

    # redirect server error pages to the static page /50x.html
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/Solder/TechnicSolder/public;

    # proxy the PHP scripts to Apache listening on
    #location ~ \.php$ {
    #    proxy_pass;

    # pass the PHP scripts to FastCGI server listening on
    location ~* \.php$ {
            fastcgi_pass                    unix:/var/run/php5-fpm.sock;
            fastcgi_index                   index.php;
            fastcgi_split_path_info         ^(.+\.php)(.*)$;
            include                         fastcgi_params;
            fastcgi_param PATH_INFO         $fastcgi_path_info;

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #location ~ /\.ht {
    #    deny  all;

the www.conf file has the group and user changed to nginx.

i believe i’ve followed all the steps correctly with the how to

thanks for your time :)

1 comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Submit an Answer
3 answers

Hi there,

I was having exactly the same issue:

  • unable to start/restart/reload nginx…,
  • sudo nginx -t reporting that the syntax of the conf file was Ok,
  • log in /var/log/nginx/error.log showing: open() "/etc/nginx/conf.d/<YOUR_FILE>.conf" failed (13: Permission denied) in /etc/nginx/nginx.conf:31

In my case, i had copied the .conf files in *conf.d** from another folder, of another user (notroot).

Running : ls -lZ /etc/nginx/conf.d/ did indeed help me identify the permission issue: it showed me that the conf files didn’t had the right permissions ( and SELinux context ).

It was:

-rw-r--r--. notroot notroot unconfined_u:object_r:user_home_t:s0 <YOUR_FILE>.conf

Whereas it should be something like:

-rw-r--r--. root root unconfined_u:object_r:httpd_config_t:s0 <YOUR_FILE>.conf

The solution was to recreate the conf files directly in the conf.d folder, instead of copying them from another location:

sudo vi /etc/nginx/conf.d/<YOUR_FILE>.conf

That way, the file had the right permissions and SELinux context, and i didn’t had to modify any SELinux config…

Hope it helps!

  • This comment was exactly the problem I had! I was checking permissions on the directory but not the actual file after copying it in. Thanks for pointing it out!

I typed su nginx and it came back with: ‘This account is currently not available.’

Disable/configure SELinux. And while you’re at it, stop using CentOS and use Debian/Ubuntu instead.

  • i used the command ‘getenforce’ and it shows disabled.

  • Okay, then your chmod/chown is incorrect. su into your nginx user and try accessing the file.

  • Ok, so i’ve added the user shell, and i did su nginx, then tried going to the TechnicSolder (with full path) and it says ‘no such file or directory’ but i can get to the Solder folder, does that mean i dont have permissions on that folder? (and probably subs)

  • I can ‘find’ that folder, but i cant use 'cd’ to it. also as root i did ls -l and nginx is in all folders and files