LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 05-16-2019, 05:06 AM   #1
newbie14
Member
 
Registered: Sep 2011
Posts: 557

Rep: Reputation: Disabled
Keep getting permission denied for nginx server on Centos 7


I have a new server which I moved to nginx on centos 7. Below is my config file for nginx.
From the default config file I have added few things like. Some I have commented out. For whatever page I keep getting this message "GET HTTP/1.1" 403 564 "-" "Mozilla/5.0 permission error.

I have run this command
chmod -R 0444 /var/www/html/
chown -R nginx:nginx /var/www/html

I have confirm everything in /var/www/html is owned by nginx but yet I get this permission denied error. What else should I set e.g. permission etc.

Quote:
add_header X-Frame-Options "SAMEORIGIN";
#include /etc/nginx/blockuseragents.rules;
#limit_conn_zone $binary_remote_addr zone=addr:5m;

#include /etc/nginx/blockuseragents.rules;
#limit_conn_zone $binary_remote_addr zone=addr:5m;
root /var/www/html;
#limit_conn addr 5;
server_tokens off;
add_header X-XSS-Protection "1; mode=block";
if ($request_method !~ ^(GET|HEAD|POST)$ )
{
return 405;
}
# Load configuration files for the default server block.
#include /etc/nginx/default.d/*.conf;
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
Quote:
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
worker_connections 1024;
}

http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
add_header X-Frame-Options "SAMEORIGIN";
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;

include /etc/nginx/mime.types;
default_type application/octet-stream;

# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
#include /etc/nginx/conf.d/*.conf;
#include /etc/nginx/blockuseragents.rules;
#limit_conn_zone $binary_remote_addr zone=addr:5m;
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
root /var/www/html;
#limit_conn addr 5;
server_tokens off;
add_header X-XSS-Protection "1; mode=block";
if ($request_method !~ ^(GET|HEAD|POST)$ )
{
return 405;
}
# Load configuration files for the default server block.
#include /etc/nginx/default.d/*.conf;
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}

location / {
}

error_page 404 /404.html;
location = /40x.html {
}

error_page 500 502 503 504 /50x.html;
location = /50x.html {
}



}

# Settings for a TLS enabled server.
#
# server {
# listen 443 ssl http2 default_server;
# listen [::]:443 ssl http2 default_server;
# server_name _;
# root /usr/share/nginx/html;
#
# ssl_certificate "/etc/pki/nginx/server.crt";
# ssl_certificate_key "/etc/pki/nginx/private/server.key";
# ssl_session_cache shared:SSL:1m;
# ssl_session_timeout 10m;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
#
# # Load configuration files for the default server block.
# include /etc/nginx/default.d/*.conf;
#
# location / {
# }
#
# error_page 404 /404.html;
# location = /40x.html {
# }
#
# error_page 500 502 503 504 /50x.html;
# location = /50x.html {
# }
# }

}






 
Old 05-16-2019, 05:12 AM   #2
tyler2016
Member
 
Registered: Sep 2018
Distribution: Debian, CentOS, FreeBSD
Posts: 183

Rep: Reputation: Disabled
Try using chmod 555 instead of 444. You need to set the execute bit on directories.
 
Old 05-17-2019, 10:39 AM   #3
newbie14
Member
 
Registered: Sep 2011
Posts: 557

Original Poster
Rep: Reputation: Disabled
Hi Tyler,
It seems to be working but why must put 555 isnt executable is dangerous where hacker could start some attack via this permission?
Quote:
Originally Posted by tyler2016 View Post
Try using chmod 555 instead of 444. You need to set the execute bit on directories.
 
Old 05-17-2019, 10:54 AM   #4
tyler2016
Member
 
Registered: Sep 2018
Distribution: Debian, CentOS, FreeBSD
Posts: 183

Rep: Reputation: Disabled
https://superuser.com/questions/1685...-be-executable
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Webserver Root Folder Permission denied for Nginx Server Blocks on CentOS 7.2 vgaven Linux - Server 4 07-28-2017 04:03 AM
What command to copy from desktop to server? Getting "permission denied" tgaler1 Linux - Newbie 3 07-28-2009 12:45 PM
keep getting disconnected, keep having to invoke dhclient funkymunky Linux - Wireless Networking 1 04-01-2007 10:36 AM
Keep getting "Permission Denied" when trying to write files dunnd40 Debian 2 02-01-2004 10:29 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 02:04 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration