Change nginx user in config >> 403 error index.html forbidden

Hi All,

I have just installed NGINX 1.1.2. I made my own configuration and
makefile and installed the nginx server.
When I set the config to:
user root root;
I get the hello world index.html file provided by the nginx installer
(./html/index.html).

When I set the config to:
user nginx nginx;
(which is what I want), I get a 403 message. The error.log says the
index.html is forbidden.

These are the file permissions I have set on the files in the ./html
directory:
total 16
-rw-r–r-- 1 someowner nginx 383 Sep 16 15:27 50x.html
-rw-r–r-- 1 someowner nginx 151 Sep 16 15:27 index.html
-rw-r–r-- 1 someowner nginx 6971 Sep 16 15:27 ngx_core_module.html

The nginx user is a member of the nginx group (which has the required
permission to view the index.html):
$ groups nginx
returns:
nginx : nginx

So, what should I do to give the worker processes of nginx access to
these files? I’m at a loss here.

I would greatly appreciate any help!

Best regards,
Martijn.

ps this is the content of my nginx.conf:

user root root;
worker_processes 4;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid logs/nginx.pid;

events {
worker_connections 128;
}

http {
include mime.types;
default_type application/octet-stream;

#log_format  main  '$remote_addr - $remote_user [$time_local]

“$request” ’
# '$status $body_bytes_sent “$http_referer” ’
# ‘"$http_user_agent" “$http_x_forwarded_for”’;

#access_log  logs/access.log  main;

sendfile        on;
#tcp_nopush     on;

#keepalive_timeout  0;
keepalive_timeout  65;

#gzip  on;

server {
    listen       80;
    server_name  localhost;

    #charset koi8-r;

    #access_log  logs/host.access.log  main;

    location / {
        root   html;
        index  index.html index.htm;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on

127.0.0.1:9000
#
#location ~ .php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME
/scripts$fastcgi_script_name;
# include fastcgi_params;
#}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    #    proxy_pass   http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on

127.0.0.1:9000
#
#location ~ .php$ {
# root html;
# fastcgi_pass 127.0.0.1:9000;
# fastcgi_index index.php;
# fastcgi_param SCRIPT_FILENAME
/scripts$fastcgi_script_name;
# include fastcgi_params;
#}

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    #location ~ /\.ht {
    #    deny  all;
    #}
}


# another virtual host using mix of IP-, name-, and port-based

configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;

#    location / {
#        root   html;
#        index  index.html index.htm;
#    }
#}


# HTTPS server
#
#server {
#    listen       443;
#    server_name  localhost;

#    ssl                  on;
#    ssl_certificate      cert.pem;
#    ssl_certificate_key  cert.key;

#    ssl_session_timeout  5m;

#    ssl_protocols  SSLv2 SSLv3 TLSv1;
#    ssl_ciphers  HIGH:!aNULL:!MD5;
#    ssl_prefer_server_ciphers   on;

#    location / {
#        root   html;
#        index  index.html index.htm;
#    }
#}

}

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,215310,215310#msg-215310

Hello!

On Fri, Sep 16, 2011 at 12:16:56PM -0400, martijnsenden wrote:

user nginx nginx;
The nginx user is a member of the nginx group (which has the required
permission to view the index.html):
$ groups nginx
returns:
nginx : nginx

So, what should I do to give the worker processes of nginx access to
these files? I’m at a loss here.

Make sure nginx use have at least search permissions for all
directories above document root.

Maxim D.

Thanks! I guess by search permissions you mean read permission, not
write or execute?

Regards,
Martijn Senden.

Some googling told me search permission is often used as an alternate
name for execute permission. Thanks, I’ll try this!

Thanks! With this I got it to work! I changed the group of the server
folder and the nginx folder to nginx with the chown command and set the
permissions to (at least) execute, and now I get the welcome page! Thank
you very much! This was starting to give me headaches yesterday. :wink: