Ask Your Question
0

Nginx permissions

asked 2015-11-14 05:45:37 -0500

hendry gravatar image

I have a Web directory /srv/www from which my nginx root is served from.

I'm a bit puzzled what the chmod/chown/setfacl settings should be on this directory. I want any Web apps (php-fpm) to be able to write here, and I want any user on my system to be able to write in this Web directory too.

Furthermore anyone who creates a new Webapp in the directory /srv/www/foo.example.com, I want it to have the write permissions so that everyone can write here.

edit retag flag offensive close merge delete

Comments

1

If you are going to use a non-default location you will need to configure nginx, php, and php-fpm to use this directory. In addition you are going to have selinux problems, likely with all that. I advise you use the default locations.

bodhi.zazen gravatar imagebodhi.zazen ( 2015-11-14 08:29:46 -0500 )edit

What is the default location? I did have a SElinux issue just replacing nginx.conf with my own configuration from another machine, which resulted me in turning it off. I asked people how to fix it and no one knew how. Toodlepip unusable SElinux!

hendry gravatar imagehendry ( 2015-11-14 22:57:20 -0500 )edit

I do not know the default location for nginx. There is a bit of a learaning curve for selinux and debugging requires you to post the denials. https://fedoraproject.org/wiki/SELinu... . Could be a boolean, could be you are using non-default locations, could be you will need to write your own rules.

bodhi.zazen gravatar imagebodhi.zazen ( 2015-11-15 06:30:12 -0500 )edit

1 Answer

Sort by ยป oldest newest most voted
0

answered 2015-11-14 09:47:00 -0500

aeperezt gravatar image

If you are going to set in a different location than default, you need to change

You folders must be own by nginx user and group ngnix

sudo chown -R nginx:nginx /srv/www

You also need selinux look at this blog post that seems to solve your issue http://blog.frag-gustav.de/2013/07/21...

edit flag offensive delete link more

Comments

That blog on selinux is old and the solution is a hack by someone who is new to selinux. chcon is temporary and will be reset next time the file system is relabled. It may or may not help with php-fpm

bodhi.zazen gravatar imagebodhi.zazen ( 2015-11-14 17:59:43 -0500 )edit

But users are not in the nginx group. So how I make it so that _any user_ can write into a Web dir? Add each user to nginx group manually??

hendry gravatar imagehendry ( 2015-11-14 22:58:14 -0500 )edit

Question Tools

1 follower

Stats

Asked: 2015-11-14 05:45:37 -0500

Seen: 331 times

Last updated: Nov 14 '15