Nginx file permission denied

selinux: Nginx file permission denied

问题

CentOS下,装了一个全新的nginx, 把一些文件放到缺省的Document_Root目录下(/usr/share/nginx/html), 从浏览器端无法访问,nginx日志 总是报 file permission denied.

一开始以为是nginx进程的运行用户nginx没有权限访问那些文件,尝试chmod仍然无效. 后来突然想起可能和 selinux 相关

selinux

  1. 尝试运行命令chcon -Rt httpd_sys_content_t /usr/share/nginx/html, 问题得以解决
  2. man chcon: change file SELINUX security context
    • -R代表recursive
    • -t代表selinux context type
  3. ls查看一个文件的selinux context, ls -Z

参考

请参考Managing confined services the apache http server

httpd_sys_content_t

Use this type for static web content, such as .html files used by a static website. Files labeled with this type are accessible (read only) to httpd and scripts executed by httpd. By default, files and directories labeled with this type cannot be written to or modified by httpd or other processes. Note that by default, files created in or copied into /var/www/html/ are labeled with the httpd_sys_content_t type.

Tags:linux   Tags:selinux   Tags:nginx   Tags:httpd
Written on May 7, 2018