Question

403 Forbidden nginx (13) permission denied

Posted May 26, 2015 99.8k views
Nginx CentOS PHP

To start with i’ve just freshly started off with linux, still wrapping my head around a lot of things. So i’m pretty sure its a simple fix i haven’t been able to figure out :)

This is Centos 6 on a vps

I’ve been trying to look for a solution on the net, but i haven’t had much luck
I keep getting a forbidden error when i try to access my webpage, this is what the nginx error log shows:

/usr/Solder/TechnicSolder/public/index.php" is forbidden (13: Permission denied), client: 1.123.51.252, server: http://Example/URL.com, request: "GET / HTTP/1.1", host: "http://Example/URL.com"

I’ve tried to add permission to the user group ‘nginx’ to read and write, via chmod, but it didnt work.

my nginx config.conf is as shown:

user              nginx;
worker_processes  4;

error_log  /var/log/nginx/error.log;
#error_log  /var/log/nginx/error.log  notice;
#error_log  /var/log/nginx/error.log  info;

pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    # Load config files from the /etc/nginx/conf.d directory
    # The default server is in conf.d/default.conf
    include /etc/nginx/conf.d/*.conf;

}

and the nginx defult.conf is:

#
# The default server
#
server {
    listen       80 default_server;
    server_name  http://Example/URL.com;

    #charset koi8-r;

    #access_log  logs/host.access.log  main;

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;

    location / {
        root   /usr/Solder/TechnicSolder/public;
        index  index.php index.html index.htm;
    }

    error_page  404              /404.html;
    location = /404.html {
        root   /usr/share/nginx/html;
    }

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/Solder/TechnicSolder/public;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~* \.php$ {
            fastcgi_pass                    unix:/var/run/php5-fpm.sock;
            fastcgi_index                   index.php;
            fastcgi_split_path_info         ^(.+\.php)(.*)$;
            include                         fastcgi_params;
            fastcgi_param PATH_INFO         $fastcgi_path_info;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}
}



the www.conf file has the group and user changed to nginx.

i believe i’ve followed all the steps correctly with the how to
https://www.digitalocean.com/community/tutorials/how-to-install-linux-nginx-mysql-php-lemp-stack-on-centos-6

thanks for your time :)

1 comment

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

3 answers

Hi there,

I was having exactly the same issue:

  • unable to start/restart/reload nginx…,
  • sudo nginx -t reporting that the syntax of the conf file was Ok,
  • log in /var/log/nginx/error.log showing: open() "/etc/nginx/conf.d/<YOUR_FILE>.conf" failed (13: Permission denied) in /etc/nginx/nginx.conf:31

In my case, i had copied the .conf files in *conf.d** from another folder, of another user (notroot).

Running : ls -lZ /etc/nginx/conf.d/ did indeed help me identify the permission issue: it showed me that the conf files didn’t had the right permissions ( and SELinux context ).

It was:

-rw-r--r--. notroot notroot unconfined_u:object_r:user_home_t:s0 <YOUR_FILE>.conf

Whereas it should be something like:

-rw-r--r--. root root unconfined_u:object_r:httpd_config_t:s0 <YOUR_FILE>.conf

The solution was to recreate the conf files directly in the conf.d folder, instead of copying them from another location:

sudo vi /etc/nginx/conf.d/<YOUR_FILE>.conf

That way, the file had the right permissions and SELinux context, and i didn’t had to modify any SELinux config…

Hope it helps!

  • This comment was exactly the problem I had! I was checking permissions on the directory but not the actual file after copying it in. Thanks for pointing it out!

I typed su nginx and it came back with: ‘This account is currently not available.’

Disable/configure SELinux. And while you’re at it, stop using CentOS and use Debian/Ubuntu instead.

  • i used the command ‘getenforce’ and it shows disabled.

  • Okay, then your chmod/chown is incorrect. su into your nginx user and try accessing the file.

  • Ok, so i’ve added the user shell, and i did su nginx, then tried going to the TechnicSolder (with full path) and it says ‘no such file or directory’ but i can get to the Solder folder, does that mean i dont have permissions on that folder? (and probably subs)

  • I can ‘find’ that folder, but i cant use 'cd’ to it. also as root i did ls -l and nginx is in all folders and files

Submit an Answer