"sudo: unable to resolve host ghost" + Directory Permissions 403 Error

November 29, 2015 6.3k views
Nginx Ubuntu
Dizazter
By:
Dizazter

Okay, well, I sort of went down the rabbit hole of errors, beginning by attempting to change my newly-made directory ownerships (/var/www/documents and /var/www/projects) to the point where I'm at in the question title above. For reference, I have read the related question, but all seemed fine on that front.

Changing Directory Permissions
First, I visited this piece on GitHub and followed their instructions to chmod 701 user_home. Files I placed in my newly-made directories above would produced a 403 error—I couldn't read them. If I do resolve the below, this problem still remains.

Unable to Resolve Host
Since that, upon trying to sudo service nginx restart, I've been getting the above host resolution error. I'm running Ghost. Now, I have an ERRCONNECTIONREFUSED, and nothing is loading.

Server + Site Information
My /etc/hosts and /etc/hostname contents are below respectively. My droplet's name is Dizaztrous.

/etc/hosts
127.0.0.1 Dizaztrous Dizaztrous
127.0.0.1 localhost.localdomain localhost
127.0.0.1 localhost4.localdomain4 localhost4

::1 Dizaztrous Dizaztrous
::1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6

/etc/hostname
ghost

My site is www.fromthehiptoss.com. The realm of server-side maintenance is something I've been barely scraping by with, and it's finally hit me now. I'll be happy to answer any questions you may have, as I'm at a bit of a loss with my site down. Thank you!

TLDR
Sorry, I'm a bit lengthy—tried to change directory permissions and ended up downing my entire website.

Log In to Comment
2 Answers
jtittle1 November 29, 2015

@Dizazter

First up, just for the sake of keeping "junk" out of your /etc/hosts file, the entries below can be safely removed as they do nothing at all :-).

127.0.0.1 Dizaztrous Dizaztrous

::1 Dizaztrous Dizaztrous

If you're not specifically using IPv6, you can remove the rest of the IPv6 too:

::1 localhost.localdomain localhost
::1 localhost6.localdomain6 localhost6

In fact, the only thing you really need to define in that file is your hostname with and without your domain attached and localhost, like so:

127.0.0.1       localhost
127.0.1.1       hostname.fromthehiptoss.com hostname

If you're not sure what your hostname is, you can execute the following from the CLI:

hostname

.. and it'll output what you currently have it set as. If you'd like to change it, you can use the same command and pass a new hostname to it.

hostname newhostname.fromthehiptoss.com

With that out of the way, directories should be chmod 755 and files chmod 644, though setting up these permissions won't do any good unless your directories are owned by the user who's executing the scripts (read: files) from said directories.

Note: For the next bit, I'd recommend heading over to PasteBin and copying the requested information to a new PasteBin for each, just to keep things organized :-).

Browse to your home directory, execute the command below and save it to a PasteBin. This command simply lists the files and directories in the directory you run it from and tells us who owns them and what their permissions are set to.

ls -al

Next, if you would, please post the contents of:

/etc/nginx/nginx.conf

and

/etc/nginx/sites-available/yoursite.conf

Where yoursite.conf is the configuration file for your website (note: you may use another directory to store configuration files -- this is the default, so please feel free to substitute as needed :-) ).

I'm mainly looking to see who you're running NGINX as and to also make sure everything in both the NGINX configuration file and your website configuration file looks good so perhaps we can knock out two things at once :-).

Reply
  • jtittle1 November 29, 2015

    Looks like I missed a few conversations during my post ;-) -- just trying to cover all bases so we can get you up and running.

  • Dizazter November 29, 2015

    All right, well, all I could do is done! Thank you for sending this crazy-detailed response. Here's what I've done:

    • Changed /etc/hosts as per your instructions.
    • Ran ls -al command (admittedly, didn't mean much to me, but I see how everything's defined).
    • Pasted the nginx.conf and ghost.conf files' contents below.

    ghost.conf

    server {
    listen 80 default_sever;
    listen [::]:80 default_server ipv6only=on;

    server_name fromthehiptoss.com;

    root /usr/share/nginx/html;
    index index.html index.htm;

    client_max_body_size 10G;

    location / {
        proxy_pass http://localhost:2368;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_buffering off;
    }
}

    nginx.conf

    user www-data;
worker_processes 4;
pid /run/nginx.pid;

events {
    worker_connections 768;
    # multi_accept on;
}

http {

    ##
    # Basic Settings
    ##

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # server_tokens off;

    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##

    gzip on;
    gzip_disable "msie6";

    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # nginx-naxsi config
    ##
    # Uncomment it if you installed nginx-naxsi
    ##

    #include /etc/nginx/naxsi_core.rules;

    ##
    # nginx-passenger config
    ##
    # Uncomment it if you installed nginx-passenger
    ##

    #passenger_root /usr;
    #passenger_ruby /usr/bin/ruby;

    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}


#mail {
#   # See sample authentication script at:
#   # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
# 
#   # auth_http localhost/auth.php;
#   # pop3_capabilities "TOP" "USER";
#   # imap_capabilities "IMAP4rev1" "UIDPLUS";
# 
#   server {
#       listen     localhost:110;
#       protocol   pop3;
#       proxy      on;
#   }
# 
#   server {
#       listen     localhost:143;
#       protocol   imap;
#       proxy      on;
#   }
#}
    • kode54 November 29, 2015

      Look at the top of your web site's configuration file. Typo default_sever, missing the r, it should be default_server.

      With that error, your web server will not even start.

      • Dizazter November 29, 2015

        Incredibly silly of me. I apologize for not noticing sooner. Thank you. The server (and my website) is now running. All that remains is my permissions debacle.

    • jtittle1 November 29, 2015

      @Dizazter

      In ghost.conf, since you've removed the IPv6 settings from your /etc/hosts file, you can also safely remove:

      listen [::]:80 default_server ipv6only=on;

      I would also recommend removing client_max_body_size from ghost.conf and placing it directly in your nginx.conf file, which applies the setting globally instead of statically (i.e. to a single domain).

      Also, unless you're planning on allowing uploads up to 10G, I would suggest lowering this value drastically. 

      client_max_body_size 10G;

      Setting this to a high value could cause NGINX to hang unless you have timeouts set to prevent this sort of thing.

      There's a number of other things we can tweak, though ultimately, we need to get your permissions taken care of first.

      --

      Have you issued the previously provided commands? If so, as of this post, are you still having issues? If you've not, let me know if you're receiving any errors.

      Also, if those commands do not work and you would like some off-site help, you're more than welcome to e-mail me directly:

      hello -[@]- habanero.io

      Simply remove the spaces and swap -[@]- for @ (a little spam control :-) ).

      I'd be more than happy to take a look at the server directly to see if we can get you up and running a little quicker than going back and forth (and obviously, for free -- just looking to help you out).

Zachary_DuBois November 29, 2015

Alright, so permissions of 701 is very weird. By default in Linux systems, file permissions are 644 and directories 755. But 701 basically says anyone can execute but only that user can do everything. Very insecure to have a file with a 7 in the permission when you don't need it (or a 1 for that matter). Basically, how you want to go about this is change those permissions back to the defaults (when they were originally created, they might've not all been the Linux defaults).

Going from there, it depends on what your running. Could you give me an idea so I know what specific permissions sound good for it?

More information and a handy tool to learn octal "number" permissions.

Reply
  • Dizazter November 29, 2015

    Zachary, thank you for the speedy reply! That permissions "decoder" is now incredibly useful and is bookmarked!

    By running, I hope you're referring to Ubuntu Ghost 0.7.1 on 14.04? Please let me know if I can do anything else.

  • Zachary_DuBois November 29, 2015

    Ah so a node app. Well, first I am going to direct you to here. But from what you said, it is in your home directory. I'd recommend for security you make Ghost to be on its own user. Then you should just need to make sure the permissions are of that user, and default Linux permissions should work for node apps.

    How To Create a Blog with Ghost and Nginx on Ubuntu 14.04
    by Hamza Shezad
    Ghost is a lightweight (~7.5MB), open source blogging platform which is really easy to use. Ghost is fully customizable. There are loads of themes available for Ghost on the Internet, free as well as paid. In this tutorial, we will go through the steps to get Ghost setup and running on your Ubuntu 14.04 system. We will also install Nginx to proxy ports and install `forever`, a node package, to keep Ghost running in the background.
    • Dizazter November 29, 2015

      Okay, thanks. I've been there before, but my main question is: how can I revert back from the 701 changes I made? Is there a way to reset all permissions to what they were? Thanks again for the help.

    • Zachary_DuBois November 29, 2015

      Sadly there is no rollback. If you have a backup/snapshot, that would be the best bet. You can reset them to the linux defaults fairly easily though. That should do it for most node apps.

      A caution about these commands, make sure your current working directory is the where Ghost is. These two commands will change each file in your current working directory. Make sure you are where Ghost is by running pwd. If that returns the directory containing all the Ghost files, your set.

      Again, handle with care.

      find . -type d -exec sudo chmod 755 {} \;
find . -type f -exec sudo chmod 644 {} \;
      • Dizazter November 29, 2015

        Okay. I have an older backup, so I am willing to try this. One final question, sorry to be a pain:

        If the directory for Ghost is /var/www/ghost, should I be changing my directory to /var/www/ or /var/www/ghost?

        Thanks again (again)!

        • jtittle1 November 29, 2015

          @Dizazter

          You'd want to execute those commands from the home or base directory. If /var/www/ghost is where all your files are located, then you would cd to /var/www/ghost and then execute both commands (one after the other).

          If, however, Ghost has files in /var/www, then you would need to execute from there.

        • Zachary_DuBois November 29, 2015

          @Dizazter Once again, @jtittle provided a much more detailed response :) I haven't really done much with Ghost but he must've :P

          • jtittle1 November 29, 2015

            @Zachary_DuBois

            Something tells me that this isn't an issue with Ghost :-). I've only had the chance to tinker with it a handful of times, though from the looks of it, this is a user:group issue relating to permissions. At least, that would be my guess without seeing things first-hand.

          • Zachary_DuBois December 1, 2015

            @jtittle Yeah I know it was a permission issue, I just don't know the structure of Ghost to give specific permissions :)

      • Dizazter December 1, 2015

        Zach (and jtittle),

        I've given those commands a go and now absolutely everything is giving me this error in the browser (I've made a backup, but am curious if there is a way to actually remedy my permissions problem):

        500

        EACCES, stat '/var/www/ghost/content/themes/wondershot/documents/BestCollegesVisualization_WriteUp.pdf'

        Continued thanks!

        • jtittle1 December 1, 2015

          @Dizazter

          By chance, would you mind shooting me an e-mail directly? If you'd be okay with me taking a look at the server, I'd be more than happy to see if we can get you up and running as quickly as possible. It'd be much faster than back and forth comments and once I find the issue, I can either provide you with a mini-guide on how to fix it, or I can simply fix it for you.

          I would need temporary access to the server, of course, though ultimately, I'm just looking to lend a hand so we can get you taken care of :-).

          --

          If you'd prefer not to, we can keep the discussion going here, though being able to look at the server directly is going to allow me to run through a few commands and get instant results so we don't add any more delay.

          --

          That said, if you'd prefer to keep things here, is that error after running the command to put Ghost in to production, or is it the result of another command or action?

          I ask as npm does not play too nicely with sudo in some cases and when using npm with sudo you may need to pass --unsafe-perm=true as an option in order to get it to work as intended. It's not ideal, though it's an issue that pops up quite often so I thought I'd ask as EACCES errors do pop up as a result (with varied situations).

          • Dizazter December 28, 2015

            I apologize that it's taken me so long to respond — things got a bit hectic since the beginning of December. I would be more than happy to let you look at the server if you were willing to still. Where might I email you? Thank you for all of your help (as well as you too @Zachary_DuBois and @kode54). –Frankie

Have another answer? Share your knowledge.

Related Questions