Nginx: stat() failed (13: permission denied)

问题:

I am using the default config while adding the specific directory with nginx installed on my ubuntu 12.04 machine.

server {         #listen   80; ## listen for ipv4; this line is default and implied         #listen   [::]:80 default ipv6only=on; ## listen for ipv6          index index.html index.htm;          # Make site accessible from http://localhost/         server_name localhost;          location / {                 # First attempt to serve request as file, then                 # as directory, then fall back to index.html                 root /username/test/static;                 try_files $uri $uri/ /index.html;                 # Uncomment to enable naxsi on this location                 # include /etc/nginx/naxsi.rules         } ...  ... } 

I just want a simple static nginx server to serve files out of that directory. However, checking the error.log I see

2014/09/10 16:55:16 [crit] 10808#0: *2 stat() "/username/test/static/index.html" failed (13: Permission denied), client:, server: localhost, request: "GET /favicon.ico HTTP/1.1", host: "domain" 2014/09/10 16:55:16 [error] 10808#0: *2 rewrite or internal redirection cycle while internally redirecting to "/index.html 

I've already done chown -R www-data:www-data on /username/test/static, I've set them to chmod 755. I don't know what else needs to be set.

回答1:

Nginx operates within the directory, so if you can't cd to that directory from the nginx user then it will fail (as does the stat command in your log). Make sure the www-user can cd all the way to the /username/test/static. You can confirm that the stat will fail or succeed by running

sudo -u www-data stat /username/test/static 

In your case probably the /username directory is the issue here. Usually www-data does not have permissions to cd to other users home directories.

The best solution in that case would be to add www-data to username group:

gpasswd -a www-data username 

and make sure that username group can enter all directories along the path:

chmod g+x /username && chmod g+x /username/test && chmod g+x /username/test/static 

For your changes to work, restart nginx

nginx -s reload 

回答2:

I've just had the same problem on a CentOS 7 box.

Seems I'd hit selinux. Putting selinux into permissive mode (setenforce permissive) has worked round the problem for now. I'll try and get back with a proper fix.

回答3:

On CentOS 7.0 I had this Access Deined problem caused by SELinux and these steps resolved the issue:

yum install -y policycoreutils-devel grep nginx /var/log/audit/audit.log | audit2allow -M nginx semodule -i nginx.pp 

Update: Just a side-note from what I've learned while using digitalocean's virtual Linux servers, or as they call them Droplets. Using SELinux requires a decent amount of RAM. It's most probably like you won't be able to run and manage SELinux on a droplet with less than 2GB of RAM.

回答4:

You may have Security-Enhanced Linux running, so add rule for that. I had permission 13 errors, even though permissions were set and user existed..

chcon -Rt httpd_sys_content_t /username/test/static

回答5:

Nginx need to have +x access on all directories leading to the site's root directory.

Ensure you have +x on all of the directories in the path leading to the site's root. For example, if the site root is /home/username/siteroot:

chmod +x /home/ chmod +x /home/username chmod +x /home/username/siteroot 

回答6:

Symptom:

Could not upload images to WordPress Media Library.

Cause:

(CentOS) yum update

Error:

2014/10/22 18:08:50 [crit] 23286#0: *5332 open() "/var/lib/nginx/tmp/client_body/0000000003" failed (13: Permission denied), client: 1.2.3.4, server: _, request: "POST /wp-admin/media-new.php HTTP/1.1", host: "example.com", referrer: "http://example/wp-admin/media-new.php" 

Solution:

chown -R www-data:www-data /var/lib/nginx

回答7:

By default the static data, when you install the nginx, will be in /var/www/html. So you can just copy your static folder into /var/html/ and set the

root /var/www/

in ngix.conf (or /etc/nginx/sites-available/default)

This worked for me on ubuntu but I guess it should not be much different for other distros.

Hope it helps.

回答8:

I had the same issue, I am using Plesk Onyx 17 with Centos7. I could see this error in proxy_error_log under the affected domain's logs. All the dirs/files in /var/www/vhosts/ are owned by respective users (domain owners) and you can see that all of them are in psacln group. So solution was to add nginx also to this group, so he can see what he needs:

usermod -aG psacln nginx 

And indeed, restart nginx and reload page with Ctrl+F5.

回答9:

I faced this problem, I solved it to give permissions to nginx user and group something like this:

chown -R nginx:nginx /username/test/static 

回答10:

In my case, the folder which served the files was a symbolic link to another folder, made with

ln -sf /origin /var/www/destination 

Even though the permissions (user and group) where correct on the destination folder (the symbolic link), I still had the error because Nginx needed to have permissions to the origin folder whole's hierarchy as well.

文章来源: Nginx: stat() failed (13: permission denied)