17

I am installing nginx. Here are the steps I followed:

  • Make index.html file in /root directory
  • edit /etc/nginx/nginx.conf. After edit it looks like this:

    user  nginx;
    worker_processes  1;

    error_log  /var/log/nginx/error.log;
    # ...

    http {
        # ...

        server {
            listen       80 default_server;
            server_name  my_domain_name.com;
            root   /root;
            # ...
        }
    }
    
  • following this question I gave away permissions:

    gpasswd -a nginx root
    chmod g+x /root

  • I restarted server:

    service nginx restart

I visited my_domain_name.com and got a 403 error. /var/log/nginx/error.log content:

    "/root/index.html" is forbidden (13: Permission denied), client: 117.211.86.108, server: my_domain_name.com, request: "GET / HTTP/1.1", host: "my_domain_name.com"
sonalkr132

3 Answers

45

Oh! Please don't disable SELinux.

First — do you really need to serve files from /root? That's actually the home directory for the root user, not meant to be the web root. This is actually a very bad idea. Instead, use /var/www/html or (my preference) /srv/www. If you do use /root, make sure you're not exposing ssh keys or authorized_keys files, database passwords, or anything similar. It's really just a bad idea all around.

Second, rather than disabling SELinux (which, in this case, is protecting you from doing something dangerous), you should configure it properly. In Fedora, the SELinux policy is designed so nginx shares this with other webservers, so, using /srv/www/yoursite as the root,

    chcon -R -t httpd_sys_content_t /srv/www/yoursite

should do it.

(This answer should also apply to all of the "Enterprise Linux" distributions that are downstream from Fedora Linux — that is, RHEL, CentOS Linux, CentOS Stream, etc.)

mattdm
20

I was on an Amazon Linux instance, had to do

    sudo chmod o+x /home/ec2-user/
    sudo service nginx restart

Not sure what the security implications are.

oystersauce8
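The `(13: Permission denied)` in the question and the `chmod o+x` in the answer above both come down to one directory on the path that the nginx worker cannot traverse. As an added example (not part of any answer in this thread), the function below walks a path and names the first component that blocks access; `first_blocked_component` is a hypothetical name, and it assumes the worker is neither owner nor group member, so only the "other" mode bits are checked (no ACLs, no SELinux labels).

```shell
#!/bin/sh
# Added example: locate the path component that blocks the "other" class.
# Assumption: classic mode bits only; ACLs and SELinux labels are not checked.

# Usage: first_blocked_component PATH [BASE]
# Checks each component of PATH below BASE (default: filesystem root).
# Prints the first blocking component and returns 1, or prints nothing
# and returns 0 when "other" can reach and read the final file.
first_blocked_component() {
    target=$1
    current=${2:-}
    current=${current%/}
    # Split PATH on "/" with globbing off, so odd file names stay intact.
    old_ifs=$IFS
    IFS=/
    set -f
    set -- $target
    set +f
    IFS=$old_ifs
    for part in "$@"; do
        [ -n "$part" ] || continue
        current="$current/$part"
        # Keep only the 10-character type and permission string.
        mode=$(ls -ld -- "$current" 2>/dev/null | cut -c1-10)
        if [ -z "$mode" ]; then
            echo "$current (missing or unreadable)"
            return 1
        fi
        if [ -d "$current" ]; then
            # Character 10 is other-execute; x or t means traversable.
            other_x=${mode#?????????}
            case $other_x in
                x|t) ;;
                *) echo "$current"; return 1 ;;
            esac
        else
            # Character 8 is other-read on the file itself.
            other_r=${mode#???????}
            other_r=${other_r%??}
            [ "$other_r" = r ] || { echo "$current"; return 1; }
        fi
    done
    return 0
}
```

Calling `first_blocked_component /root/index.html` on the question's layout names the directory to fix (or the reason to move the content elsewhere); adding `o+x` to a home directory lets other accounts traverse it but not list it.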
-2

I solved it by disabling SELinux and rebooting:

    vi /etc/selinux/config

    #SELINUX=enforcing
    SELINUX=disabled

    reboot

Will Wu
  • This isn't really _solving_ it. This approach forgoes the very real protection against compromise that SELinux can provide — in this case, it's usually _very bad_ if nginx is serving files from `/root` — despite the name, that directory is _not_ meant to be a web root. Please see my answer. – mattdm Apr 04 '22 at 21:13