nginx on Ubuntu: Permission denied

问题

I am new to system administration. After installing nginx via puppet on Ubuntu I get the following output:

[alert] could not open error log file: open() "/var/log/nginx/error.log" failed (13: Permission denied)

[warn] 1898#0: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:1

[emerg] 1898#0: open() "/var/log/nginx/access.log" failed (13: Permission denied)

How do I get rid of all of these messages?

I don't want to use command line directly (chown / chmod) and repeat it every time I create a new server. Therefore, I am thinking of what has to be added to the puppet manifest.

What is the best sysadmin practice in this case: to change owner / permissions for /var/log/nginx or to store logs in different location? If chown / chmod is the way to go, which specific permissions would ensure the highest level of security?

I tried this, but it didn't help:

  file { '/var/log/nginx':
    ensure  => directory,
    mode    => '0755',
    owner   => 'www-data',
    group   => 'www-data',
    recurse => true
  }

Edited:

vagrant@precise64:~$ ps aux | grep [n]ginx
root      1001  0.0  0.1  62908  1388 ?        Ss   08:47   0:00 nginx: master process /usr/sbin/nginx
www-data  1002  0.0  0.1  63260  1696 ?        S    08:47   0:00 nginx: worker process
www-data  1003  0.0  0.1  63260  1696 ?        S    08:47   0:00 nginx: worker process
www-data  1004  0.0  0.1  63260  1696 ?        S    08:47   0:00 nginx: worker process
www-data  1005  0.0  0.1  63260  1696 ?        S    08:47   0:00 nginx: worker process

回答1:

Make sure you are running the test as a superuser.

sudo nginx -t

Or the test wont have all the permissions needed to complete the test properly.

回答2:

If i assume that your second code is the puppet config then i have a logical explaination, if the error and log files were create before, you can try this

sudo chown -R www-data:www-data /var/log/nginx;
sudo chmod -R 755 /var/log/nginx;

回答3:

I faced similar issue while restarting Nginx and found it to be a cause of SeLinux. Be sure to give a try after either disabling SeLinux or temporarily setting it to Permissive mode using below command:

setenforce 0

I hope it helps :)

回答4:

just because you don't have the right to acess the file , use

chmod -R 755 /var/log/nginx;

or you can change to sudo then it

回答5:

Permission to view log files is granted to users being in the group adm.

To add a user to this group on the command line issue:

sudo usermod -aG adm <USER>

回答6:

For me, I just changed the selinux from enforcing to permissive and then I was able to start nginx without any error.

回答7:

I just patch nginx binary replacing path /var/log/nginx/error.log and other with local path.

$ perl -pi \
    -e 's@/var/log/nginx/@_var_log_nginx/@g;' \
    -e 's@/var/lib/nginx/@_var_lib_nginx/@g;' \
    -e 's@/var/run/nginx.pid@_var_run/nginx.pid@g;' \
    -e 's@/run/nginx.pid@_run/nginx.pid@g;' \
    < /usr/sbin/nginx > nginx
$ chmod +x nginx
$ mkdir _var_log_nginx _var_lib_nginx _var_run _run
$ ./nginx -p . -c nginx.conf

It works for testing.