-1

I've configured uwsgi and nginx to work through a socket (chmod 777) which is located in the user's home dir, but nginx can't access the socket (13: Permission denied in error.log). I tried moving the socket to /tmp/ with chmod 777, but then received error 2: No such file or directory.

2021/09/21 19:40:16 [crit] 68278#0: *17 connect() to unix:///tmp/my.sock failed (2: No such file or directory) while connecting to upstream, client: ***, server: ***, request: "GET / HTTP/1.1", upstream: "uwsgi://unix:///tmp/my.sock:", host: "****"

2021/09/21 20:10:16 [crit] 517#0: *1 connect() to unix:/home/***/.deploy/my.sock failed (13: Permission denied) while connecting to upstream, client: ***, server: ***, request: "GET / HTTP/1.1", upstream: "uwsgi://unix:/home/***/.deploy/my.sock:", host: "***"

P.S. SELinux is disabled.

dav

1 Answer

2

Before getting to the answer, you should make every effort to break the bad security habits of using chmod 777 or disabling SELinux. Rather, you should learn fully the UNIX permission model so that you will always know the right permissions, and you should configure your services to work with SELinux to benefit from the additional layers of security that it provides.


So the reason your socket buried deep within a user's home directory doesn't work is that a parent directory's permissions prohibit the necessary access (in this case, search x). Use namei -l /home/***/.deploy/my.sock to see the permissions of all parent directories at once, and correct the ones which do not allow search permission (most likely it is /home/***).

chmod +x /as/needed

Also remember to fix the permissions and ownership on the socket itself as needed.

For completeness, the reason your socket in /tmp was not found is that nginx running as a system service cannot access the system /tmp directory. Systemd starts it with PrivateTmp=true which causes a unique private directory to be created and nginx's /tmp namespaced to that directory. This is what all those /tmp/xxx-systemd-private-foo directories are for.

Michael Hampton
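
An added example, not part of the answer above: a Python version of the `namei -l` check that names each parent directory denying search (x) to a given user and also checks the write bit on the socket, which Linux requires for connect(). The function names are hypothetical, and the check reads mode bits only, so ACLs, SELinux and root's permission bypass are not modelled.

```python
import os
import stat


def perm_class(st, uid, gids):
    """Pick the one class the kernel applies: owner, else group, else other."""
    if st.st_uid == uid:
        return "owner", stat.S_IXUSR, stat.S_IWUSR
    if st.st_gid in gids:
        return "group", stat.S_IXGRP, stat.S_IWGRP
    return "other", stat.S_IXOTH, stat.S_IWOTH


def socket_access_problems(sock_path, uid, gids):
    """Return [(path, mode, problem)] for every directory or socket mode that
    would stop uid/gids from connecting to sock_path (mode bits only)."""
    sock_path = os.path.abspath(sock_path)
    problems = []
    # Collect every ancestor directory, then walk from / downwards.
    parents = []
    d = os.path.dirname(sock_path)
    while True:
        parents.append(d)
        if d == os.path.dirname(d):  # reached the filesystem root
            break
        d = os.path.dirname(d)
    for d in reversed(parents):
        st = os.stat(d)
        cls, xbit, _ = perm_class(st, uid, gids)
        if not st.st_mode & xbit:
            problems.append((d, stat.filemode(st.st_mode), f"no search (x) for {cls}"))
    # The socket itself needs write permission for the connecting user.
    st = os.stat(sock_path)
    cls, _, wbit = perm_class(st, uid, gids)
    if not st.st_mode & wbit:
        problems.append((sock_path, stat.filemode(st.st_mode), f"no write (w) for {cls}"))
    return problems


if __name__ == "__main__":
    # Usage: script.py /path/to/my.sock <user nginx workers run as>
    import pwd
    import sys
    user = pwd.getpwnam(sys.argv[2])
    gids = set(os.getgrouplist(user.pw_name, user.pw_gid))
    for path, mode, problem in socket_access_problems(sys.argv[1], user.pw_uid, gids):
        print(f"{mode}  {path}: {problem}")
```

Because only the first matching class applies, a directory with mode 701 still blocks a user who is in the directory's group, even though "other" has search permission.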