Why does child process get 13(Permission denied) when open the file created by parent process in nginx

Question

I am trying to write a plugin in nginx, I should create a file in main process then child process will read this file. I have set the file 0766 in main process, but open and statvfs failed when I try to open the file in child process, the errno is 13 which means Permission denied.

Is there any special settings between parent and child processes? How can I solve it?

my code is like this:

// in nginx main process I create the file
u_char* shared_addr = NULL; 
int map_my_file(const char* path)
{
    extern int errno;
    umask(0);
    int fd = open(path, O_RDWR | O_CREAT | O_EXCL, 0766);
    if (fd < 0)
    {
        ngx_log_stderr(0, "open file failed %s, %d", path, errno);
    }
    if (ftruncate(fd, 1024 *1024) < 0)
    {
        printf("ftruncate %d failed", fd);
    }
    shared_addr = (u_char*)mmap(NULL, 1024 * 1024, PROT_READ | PROT_WRITE, MAP_SHARED, fd, 0);
    close(fd);
}

// in nginx child process, I try to open the file 
    int cfd = 0;
    if ((cfd = open("./t.log", O_RDWR)) >= 0)
    {
        printf("child open success\n");
    } else {
        printf("failed %d\n", errno);
    }
// I got `failed 13`, means `Permission denied`

If I take these create and open codes out separately and put them in a sample parent-child process case, it can works correctly. But it can not work in nginx, always told me 13.

Try disabling SELinux first and see if there is any difference. — IVO GELOV, May 04 '23 at 12:16
@IVOGELOV Originally there is not SELinux installed on my server, After I installed it , disable it and restart server, it is still the same error. — Klen, May 05 '23 at 00:33
Well, `extern int errno;` [is absolutely wrong](https://port70.net/~nsz/c/c11/n1570.html#7.5p2): "If a macro definition is suppressed in order to access an actual object, **or a program defines an identifier with the name errno, the behavior is undefined**." First, get rid of that and [use the proper `#include `](https://port70.net/~nsz/c/c11/n1570.html#7.5) — Andrew Henle, May 05 '23 at 00:58
@AndrewHenle I delete `extern int errno`, still get the same error number 13, and if I use `statvfs` to get the fold information, still get 13, but if I try `statvfs` in a separate sample case, it can work fine. I wonder if there some special settings in `nginx` — Klen, May 05 '23 at 02:10

score 0 · Accepted Answer · edited May 08 '23 at 08:50

0

There are two reasons lead to this error

I did not set user in nginx.conf, thus nobody will control the work process in default according this, Nginx will set user when child process initializes.
The child process needs x access on all directories, see this.

Check the following:

chmod +x /home/
chmod +x /home/username
chmod +x /home/username/siteroot

edited May 08 '23 at 08:50

Mina Abd El-Massih

636
1
8
13

answered May 06 '23 at 08:18

Klen

13
4

Why does child process get 13(Permission denied) when open the file created by parent process in nginx

1 Answers1