Permission denied for Nginx even if www-data user has group write access
A possible reason: when you add www-data
user to the ubuntu
group, it only affects sessions started later.
su - www-data -s /bin/bash
creates a new session, so it works fine. But Nginx is still running as www-data
user, therefore I suspect that it's the reason for the above error.
(if you switch to the www-data
user before doing a usermod -a -G ubuntu www-data
, I'm pretty sure that you will only see uid=33(www-data) gid=33(www-data) groups=33(www-data)
when typing id
)
Either restarting Nginx or do a newgrp ubuntu
after switching to www-data
user to make it take effect immediately.
Related videos on Youtube
Roman Newaza
Updated on September 18, 2022Comments
-
Roman Newaza over 1 year
Nginx is not able to write to log file even if its user has write group access. Here are some details:
www-data user is in ubuntu group:
$ id www-data uid=33(www-data) gid=33(www-data) groups=33(www-data),1000(ubuntu)
/opt/logs/ is group writable:
$ ls -ld /opt/logs/ drwxrwxr-x 2 ubuntu ubuntu 4096 2012-07-27 02:47 /opt/logs/
www-data user can create /opt/logs/1 as expected:
$ su www-data $ touch /opt/logs/1 $ ls -l /opt/logs/1 -rw-rw-r-- 1 www-data www-data 0 2012-07-27 02:47 /opt/logs/1
Nginx user:groups:
var_dump(system('whoami'), system('groups')); // string 'www-data' (length=8) // string 'www-data ubuntu' (length=15)
But Nginx is not able to write:
Warning: file_put_contents(/opt/logs/Error.log) function.file-put-contents failed to open stream: Permission denied
/opt/logs/Error.log doesn't exist
So why coudn't it write to file?
-
chocripple almost 12 yearsany /opt/logs/Error.log exists ?, if yes, what's the permission ?. check if parent directory permission also. any apparmor or selinux ?
-
Roman Newaza almost 12 yearsNo, /opt/logs/Error.log doesn't exist. If it's apparmor or selinux, why can I create a file over shell?
-
Roman Newaza almost 12 yearsFurthermore, I chowned it to ubuntu:www-data and back to ubuntu:ubuntu and now it can write!
-