Question

403 Forbidden nginx (13) permission denied

To start with i’ve just freshly started off with linux, still wrapping my head around a lot of things. So i’m pretty sure its a simple fix i haven’t been able to figure out :)

This is Centos 6 on a vps

I’ve been trying to look for a solution on the net, but i haven’t had much luck I keep getting a forbidden error when i try to access my webpage, this is what the nginx error log shows:

/usr/Solder/TechnicSolder/public/index.php" is forbidden (13: Permission denied), client: 1.123.51.252, server: http://Example/URL.com, request: "GET / HTTP/1.1", host: "http://Example/URL.com"

I’ve tried to add permission to the user group ‘nginx’ to read and write, via chmod, but it didnt work.

my nginx config.conf is as shown:

user              nginx;
worker_processes  4;

error_log  /var/log/nginx/error.log;
#error_log  /var/log/nginx/error.log  notice;
#error_log  /var/log/nginx/error.log  info;

pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;
    
    # Load config files from the /etc/nginx/conf.d directory
    # The default server is in conf.d/default.conf
    include /etc/nginx/conf.d/*.conf;

}

and the nginx defult.conf is:

#
# The default server
#
server {
    listen       80 default_server;
    server_name  http://Example/URL.com;

    #charset koi8-r;

    #access_log  logs/host.access.log  main;

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;

    location / {
        root   /usr/Solder/TechnicSolder/public;
        index  index.php index.html index.htm;
    }

    error_page  404              /404.html;
    location = /404.html {
        root   /usr/share/nginx/html;
    }

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/Solder/TechnicSolder/public;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~* \.php$ {
            fastcgi_pass                    unix:/var/run/php5-fpm.sock;
            fastcgi_index                   index.php;
            fastcgi_split_path_info         ^(.+\.php)(.*)$;
            include                         fastcgi_params;
            fastcgi_param PATH_INFO         $fastcgi_path_info;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}
}



the www.conf file has the group and user changed to nginx.

i believe i’ve followed all the steps correctly with the how to https://www.digitalocean.com/community/tutorials/how-to-install-linux-nginx-mysql-php-lemp-stack-on-centos-6

thanks for your time :)

Subscribe
Share

For those who has SELinux == Enforcing and Nginx returns 403 for static files :

  1. Enable SELinux httpd_can_network_connect feature
sudo setsebool -P httpd_can_network_connect on 
  1. check SELinux enforce
getenforce

If it is Enforcing -

chcon -Rt httpd_sys_content_t /path/to/www

https://stackoverflow.com/questions/22586166/why-does-nginx-return-a-403-even-though-all-permissions-are-set-properly#answer-26228135

  1. Make sure NGinx has permissions to read the static files and parent folders have ‘execute’ permission. Took me 4 hours to figure this out.

https://wpcolt.com/how-to-solve-403-forbidden-nginx/


Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Hi there,

I was having exactly the same issue:

  • unable to start/restart/reload nginx…,
  • sudo nginx -t reporting that the syntax of the conf file was Ok,
  • log in /var/log/nginx/error.log showing: open() "/etc/nginx/conf.d/<YOUR_FILE>.conf" failed (13: Permission denied) in /etc/nginx/nginx.conf:31

In my case, i had copied the *.conf files in conf.d from another folder, of another user (notroot).

Running : ls -lZ /etc/nginx/conf.d/ did indeed help me identify the permission issue: it showed me that the conf files didn’t had the right permissions ( and SELinux context ).

It was:

-rw-r--r--. notroot notroot unconfined_u:object_r:user_home_t:s0 <YOUR_FILE>.conf

Whereas it should be something like:

-rw-r--r--. root root unconfined_u:object_r:httpd_config_t:s0 <YOUR_FILE>.conf

The solution was to recreate the conf files directly in the conf.d folder, instead of copying them from another location:

sudo vi /etc/nginx/conf.d/<YOUR_FILE>.conf

That way, the file had the right permissions and SELinux context, and i didn’t had to modify any SELinux config…

Hope it helps!

I typed su nginx and it came back with: ‘This account is currently not available.’

Disable/configure SELinux. And while you’re at it, stop using CentOS and use Debian/Ubuntu instead.