I am running nginx on Ubuntu 11.10 with php-fpm and SELinux. The site is served over HTTPS/SSL.

Content that is directly under any site's root dir is served, but when trying to access a subdirectory the following is added to /var/log/nginx/error.log:

 "/home/mydomain/public_html/{subdirectory}" failed (13: Permission denied)

I've tried turning off SELinux (setenforce 0). No change.

  • The server is running as www-data and user mydomain belongs to group www-data.
  • php-fpm is running as user mydomain
  • permissions: /home dirs are 0750, subdirs are 0755

Site's configuration follows:

server {
        listen 443;

        root /home/mydomain/public_html;
        index index.html index.htm index.php;

        server_name www.mydomain.com;

        location / {
                try_files $uri $uri/ /index.php;
        }

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9001
        location ~ \.php$ {
                fastcgi_pass 127.0.0.1:9001;
                fastcgi_index index.php;
                # include /etc/nginx/fastcgi_params;
        }

        ssl on;
        ssl_certificate /etc/ssl/certs/server.crt;
        ssl_certificate_key /etc/ssl/private/server.key;

        ssl_session_timeout 5m;

        ssl_protocols SSLv3 TLSv1;
        ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;

}

server {
        listen 80;
        server_name *.mydomain.com;
        rewrite ^(.*) https://www.mydomain.com$1 permanent;
}

Here is the output of ls -al /home/mydomain/public_html as requested:

drwxr-xr-x. 3 mydomain mydomain 4096 2011-12-07 17:49 .
drwxr-x---. 6 mydomain mydomain 4096 2011-11-14 08:33 ..
drwxr-xr-x. 3 mydomain mydomain 4096 2011-12-06 16:23 subdirectory
-rw-r--r--. 1 mydomain mydomain   55 2011-12-07 17:50 index.php
-rw-r--r--. 1 mydomain mydomain   20 2011-12-07 17:49 info.php

This is the content of my subdirectory:

drwxr-xr-x.  3 mydomain mydomain 4096 2011-12-06 16:23 .
drwxr-xr-x.  3 mydomain mydomain 4096 2011-12-07 17:49 ..
drwxr-xr-x. 11 mydomain mydomain 4096 2011-12-06 16:26 html
-rw-r--r--.  1 mydomain mydomain   36 2011-12-06 16:23 index.php

Thank you for any help. Also, if any other issues with the configuration are found, please comment.

Alasjo
  • Further investigation shows that php can read/write from/to subdirectories, but trying to access a subdirectory directly will not work. – Alasjo Dec 16 '11 at 13:50
  • If those "Permission denied" messages are written to the nginx log, the problem must be caused by nginx, not by php-fpm. Can user 'www-data' access the subdirectories of /home/mydomain/public_html? Could you show the output of `ls -al /home/mydomain/public_html`? And the permissions for the files you are trying to access? – minaev Dec 18 '11 at 12:58
  • @minaev, added the output to my original post – Alasjo Dec 19 '11 at 06:51

1 Answer

Aha, I didn't notice that 750 on /home/*. I think this is where the problem is. Your php files are readable for php-fpm, but not for nginx. Full path to the content must be readable for nginx, too. If possible, set the permissions on /home/mydomain to 755, or move the content to some other directory (like, /var/www).

minaev
  • Yeah, that works, though my intention was to prevent users from reading each other's home dirs. However, php is restricted to the user's home dir and the user has no shell access, so hopefully it's sufficient. – Alasjo Dec 21 '11 at 06:07
  • Well, you could run both php-fpm and Nginx as the same user... – minaev Dec 21 '11 at 11:25
  • Then I would need an Nginx instance for each user..? – Alasjo Dec 22 '11 at 12:28
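
The path-traversal rule behind the answer, as an added example that is not part of the original thread: it walks each directory on the way to the subdirectory and reports the first one a given user cannot search. The sample layout is constructed from the `ls` output in the question; `/` and `/home` as root:root 0755, the `otheruser` account, and the third variant (group `www-data` on the home directory, which nobody in the thread proposed) are assumptions that go beyond the page.

```python
import stat
from collections import namedtuple

Entry = namedtuple("Entry", "path mode owner group")

def can_search(entry, user, groups):
    """Unix DAC check for directory search (x). Only the first matching
    class (owner, then group, then other) applies. ACLs and SELinux are
    not modelled here."""
    if user == "root":
        return True
    if user == entry.owner:
        return bool(entry.mode & stat.S_IXUSR)
    if entry.group in groups:
        return bool(entry.mode & stat.S_IXGRP)
    return bool(entry.mode & stat.S_IXOTH)

def first_blocked(layout, user, groups):
    """Return the first directory the user cannot traverse, or None."""
    for entry in layout:
        if not can_search(entry, user, groups):
            return entry.path
    return None

def layout(home_mode, home_group):
    """Constructed sample: path components from the question's ls output.
    '/' and '/home' are assumed root:root 0755 (not shown on the page)."""
    me = "mydomain"
    return [
        Entry("/", 0o755, "root", "root"),
        Entry("/home", 0o755, "root", "root"),
        Entry("/home/mydomain", home_mode, me, home_group),
        Entry("/home/mydomain/public_html", 0o755, me, me),
        Entry("/home/mydomain/public_html/subdirectory", 0o755, me, me),
    ]

NGINX = ("www-data", {"www-data"})               # nginx worker
PHP_FPM = ("mydomain", {"mydomain", "www-data"})  # php-fpm pool user
OTHER = ("otheruser", {"otheruser"})              # hypothetical second hosting user

if __name__ == "__main__":
    cases = {"as posted (0750 mydomain:mydomain)": layout(0o750, "mydomain"),
             "answer's fix (0755 mydomain:mydomain)": layout(0o755, "mydomain"),
             "alternative (0750 mydomain:www-data)": layout(0o750, "www-data")}
    for name, lay in cases.items():
        for user, groups in (NGINX, PHP_FPM, OTHER):
            print(f"{name:40} {user:10} {first_blocked(lay, user, groups) or 'ok'}")
```

On a live system, `namei -l /home/mydomain/public_html/subdirectory` lists the owner, group and mode of every component, which is the input this check needs.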