2

I am new to system administration. After installing nginx via puppet on Ubuntu I get the following output:

[alert] could not open error log file: open() "/var/log/nginx/error.log" failed (13: Permission denied)

[warn] 1898#0: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:1

[emerg] 1898#0: open() "/var/log/nginx/access.log" failed (13: Permission denied)

How do I get rid of all of these messages?

I don't want to use command line directly (chown / chmod) and repeat it every time I create a new server. Therefore, I am thinking of what has to be added to the puppet manifest.

What is the best sysadmin practice in this case: to change owner / permissions for /var/log/nginx or to store logs in different location? If chown / chmod is the way to go, which specific permissions would ensure the highest level of security?

I tried this, but it didn't help:

  file { '/var/log/nginx':
    ensure  => directory,
    mode    => '0755',
    owner   => 'www-data',
    group   => 'www-data',
    recurse => true
  }

Edited:

vagrant@precise64:~$ ps aux | grep [n]ginx
root      1001  0.0  0.1  62908  1388 ?        Ss   08:47   0:00 nginx: master process /usr/sbin/nginx
www-data  1002  0.0  0.1  63260  1696 ?        S    08:47   0:00 nginx: worker process
www-data  1003  0.0  0.1  63260  1696 ?        S    08:47   0:00 nginx: worker process
www-data  1004  0.0  0.1  63260  1696 ?        S    08:47   0:00 nginx: worker process
www-data  1005  0.0  0.1  63260  1696 ?        S    08:47   0:00 nginx: worker process

vagrant@precise64:~$ sudo chown -R www-data:www-data /var/log/nginx;
vagrant@precise64:~$ sudo chmod -R 755 /var/log/nginx;
vagrant@precise64:~$ ls -l /var/log/nginx/
-rwxr-xr-x 1 www-data www-data 214 Sep 10 11:07 error.log
krn
  • 133
  • 1
  • 1
  • 5
  • 1
    You shouldn't focus on 'magically getting rid of the errors'. Read them, understand them, Google them and learn about them. Fix the problem that they're telling you about. – Drew Khoury Sep 10 '13 at 11:49
  • 1
    "Permission denied" is the key here, on the file /var/log/nginx/error.log – Drew Khoury Sep 10 '13 at 11:50
  • I tried to fix permissions before posting this question, but this didn't solve the problem: `sudo chown -R www-data:www-data /var/log/nginx; sudo chmod -R 755 /var/log/nginx; ls -l /var/log/nginx/ -rwxr-xr-x 1 www-data www-data 214 Sep 10 11:07 error.log` – krn Sep 10 '13 at 15:30

2 Answers2

3

this could help you.

The messages you are receiving are dued to the fact that you started nginx as non-root user or without using sudo.

To get rid of log dir error, you have to check which user nginx is running as and give the appropriate permissions to that folder ( your puppet rule maybe gave rights to the wrong one )

The warning message you reported is triggered by the fact that ( as warning states ) "user" directive is meant to be used ONLY when your nginx master process is running as root.

Community
  • 1
Valerio Minetti
  • 343
  • 2
  • 7
0

I know it's been a while, but this usually has to do with SELinux. Try setting it to permissive and it'll probably work fine.

Gustavo Maia
  • 401
  • 2
  • 5