Angus Ireland Angus Ireland -4 years ago 128
PHP Question

Nginx 403 forbidden for all files

I have nginx installed with PHP-FPM on a CentOS 5 box, but am struggling to get it to serve any of my files - whether PHP or not.

Nginx is running as www-data:www-data, and the default "Welcome to nginx on EPEL" site (owned by root:root with 644 permissions) loads fine.

The nginx configuration file has an include directive for /etc/nginx/sites-enabled/*.conf, and I have a configuration file, thus:

server {
listen 80;

Virtual Host Name

location / {
root /home/demo/sites/;
index index.php index.htm index.html;

location ~ \.php$ {
fastcgi_index index.php;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param SCRIPT_FILENAME /home/demo/sites/$fastcgi_script_name;
include fastcgi_params;

Despite public_html being owned by www-data:www-data with 2777 file permissions, this site fails to serve any content -

[error] 4167#0: *4 open() "/home/demo/sites/" failed (13: Permission denied), client: XX.XXX.XXX.XX, server:, request: "GET /index.html HTTP/1.1", host: ""

I've found numerous other posts with users getting 403s from nginx, but most that I have seen involve either more complex setups with Ruby/Passenger (which in the past I've actually succeeded with) or are only receiving errors when the upstream PHP-FPM is involved, so they seem to be of little help.

Have I done something silly here?

Answer Source

One permission requirement that is often overlooked is a user needs x permissions in every parent directory of a file to access that file. Check the permissions on /, /home, /home/demo, etc. for www-data x access. My guess is that /home is probably 770 and www-data can't chdir through it to get to any subdir. If it is, try chmod o+x /home (or whatever dir is denying the request).

EDIT: To easily display all the permissions on a path, you can use namei -om /path/to/check

Recommended from our users: Dynamic Network Monitoring from WhatsUp Gold from IPSwitch. Free Download