NGINX - Permission Denied

[LeChris]

Client Error

You must be registered for see images attach

Error Log - cat /var/log/nginx/error.log
2018/10/12 00:05:59 [error] 6043#0: *1 "/hotel/groups/index.html" is forbidden (13: Permission denied), client: *redacted*, server: groups.habfort.us, request: "GET / HTTP/1.1", host: "groups.habfort.us"
User Check - ps aux|grep nginx|grep -v grep
root 6042 0.0 0.0 120808 2092 ? Ss 00:05 0:00 nginx: master process /usr/sbin/nginx
root 6043 0.0 0.0 121268 3568 ? S 00:05 0:00 nginx: worker process
CHMOD Check - stat --format '%a' /hotel/groups/index.html
777
NGINX Config - Main

user root;
error_log /var/log/nginx/error.log;
# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
    worker_connections 1024;
}
http {
    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;
    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;
    include /etc/nginx/conf.d/*;
}

NGINX Config - Groups

server {
  listen 80;
  server_name groups.habfort.us;
  root /hotel/groups;
  index index.html index.htm;
  location / {
    try_files $uri $uri/ /index.html;
  }
}

What's going on??

 

[Ecko]

what's wrong is you're running nginx as root lol
why does your index file need 0777 perms
stat -c '%U %G' /hotel/groups/index.html

 

[LeChris]

what's wrong is you're running nginx as root lol
why does your index file need 0777 perms
stat -c '%U %G' /hotel/groups/index.html

It was running as user: nginx but I changed it to root trying to figure out wtf is going on
Returns "root root"

 

[Ecko]

stat /hotel/{,groups}

dunno why changing the user would matter

 

[LeChris]

I was assuming that since root has sudo access - then nginx should be able to always access the files

  File: ‘/hotel/’
  Size: 55              Blocks: 0          IO Block: 4096   directory
Device: 801h/2049d      Inode: 8421509     Links: 6
Access: (0777/drwxrwxrwx)  Uid: (    0/    root)   Gid: (    0/    root)
Context: unconfined_u:object_r:default_t:s0
Access: 2018-10-12 00:01:17.933192509 +0000
Modify: 2018-10-11 23:55:31.540380100 +0000
Change: 2018-10-12 00:01:17.933192509 +0000
 Birth: -
  File: ‘/hotel/groups’
  Size: 24              Blocks: 0          IO Block: 4096   directory
Device: 801h/2049d      Inode: 18158317    Links: 2
Access: (0777/drwxrwxrwx)  Uid: (    0/    root)   Gid: (    0/    root)
Context: unconfined_u:object_r:default_t:s0
Access: 2018-10-12 00:01:18.040202337 +0000
Modify: 2018-10-11 23:56:59.211431731 +0000
Change: 2018-10-12 00:01:18.040202337 +0000
 Birth: -

 

[Ecko]

getenforce

stop using root to do everything and stop using 0777 perms

 

[LeChris]

Returned "Enforcing"

 

[Ecko]

Set it to permissive

 

[LeChris]

That did it, ty