首页   注册   登录
V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
V2EX 提问指南
Coding
V2EX  ›  问与答

设置了 WEB 目录 777 权限, nginx 依旧提示 403. 求大神解析。

  •  
  •   hobbyliu · 2015-05-27 11:04:23 +08:00 · 11601 次点击
    这是一个创建于 1659 天前的主题,其中的信息可能已经有所发展或是发生改变。
    [[email protected] ~]# tail -f /var/log/nginx/error.log 
    2015/05/27 10:28:44 [error] 1016#0: *3 open() "/home/hobby/service/index.html" failed (13: Permission denied), client: 192.168.56.1, server: lumentest, request: "GET / HTTP/1.1", host: "lumentest"
    2015/05/27 10:28:47 [error] 1016#0: *3 open() "/home/hobby/service/index.html" failed (13: Permission denied), client: 192.168.56.1, server: lumentest, request: "GET / HTTP/1.1", host: "lumentest"
    
    19 回复  |  直到 2015-05-28 00:01:36 +08:00
        1
    lzk800   2015-05-27 11:05:31 +08:00
    nginx的配置文件发出来看看
        2
    hobbyliu   2015-05-27 11:11:41 +08:00
    ```
    user nginx;
    worker_processes 1;

    error_log /var/log/nginx/error.log;
    #error_log /var/log/nginx/error.log notice;
    #error_log /var/log/nginx/error.log info;

    pid /run/nginx.pid;


    events {
    worker_connections 1024;
    }


    http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    #tcp_nopush on;

    #keepalive_timeout 0;
    keepalive_timeout 65;

    #gzip on;

    index index.html index.htm;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;
    =====================================
    server {
    listen 80;
    server_name lumentest;
    root /home/hobby/service;
    #root /usr/share/nginx/html;
    index index.html index.htm;

    #charset koi8-r;

    #access_log logs/host.access.log main;

    location / {
    }

    #error_page 404 /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    root html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    # proxy_pass http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
    root /home/hobby/service;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
    include fastcgi_params;
    }
    ```
        3
    hobbyliu   2015-05-27 11:12:36 +08:00
    @lzk800

    ```
    user nginx;
    worker_processes 1;

    error_log /var/log/nginx/error.log;
    #error_log /var/log/nginx/error.log notice;
    #error_log /var/log/nginx/error.log info;

    pid /run/nginx.pid;


    events {
    worker_connections 1024;
    }


    http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    #tcp_nopush on;

    #keepalive_timeout 0;
    keepalive_timeout 65;

    #gzip on;

    index index.html index.htm;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;
    =====================================
    server {
    listen 80;
    server_name lumentest;
    root /home/hobby/service;
    #root /usr/share/nginx/html;
    index index.html index.htm;

    #charset koi8-r;

    #access_log logs/host.access.log main;

    location / {
    }

    #error_page 404 /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    root html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    # proxy_pass http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
    root /home/hobby/service;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
    include fastcgi_params;
    }
    ```
        4
    lzk800   2015-05-27 11:15:24 +08:00
    user nginx

    你确认一下系统中是否有nginx这个用户
        5
    Csineneo   2015-05-27 11:17:02 +08:00
    把 /home/hobby/service 從 /home 裡面移出去
        6
    a842543374   2015-05-27 11:19:25 +08:00   ♥ 1
    1.看一下上一级目录的权限
    2.如果是centos,看一下selinux是否关闭了
        7
    hobbyliu   2015-05-27 11:19:59 +08:00
    @lzk800 确实没有NGINX用户,我注释掉此行?还是换成 user www?
        8
    Dk2014   2015-05-27 11:21:07 +08:00 via Android
    chown -R nginx /home/hobby/service
    chown -R nginx /var/log/nginx
    service nginx restart
        9
    czheo   2015-05-27 11:22:03 +08:00
    chmod 755 /home
    chmod 755 /home/hobby
        10
    abcfyk   2015-05-27 11:23:12 +08:00
    如果是production环境,建议保持现状。访问程序目录应当是403的,这是安全问题。
    如果是开发环境,一个要看目录权限,看看nginx.conf的user是谁,可以把www目录chown user:user www 一下,第二看看访问目录下的文件是否正常。正常的话就不是文件夹权限的问题,是nginx配置的问题。可以加一句 allow from all; 不过产品环境千万别加。
        11
    lsj5031   2015-05-27 11:28:14 +08:00
    哈,其实因为你的网站放在home下了,home下面子目录好像默认没有x权限,别的用户cd不进去的。
        12
    wesley   2015-05-27 11:28:50 +08:00
    fastcgi_pass没设置
        13
    hobbyliu   2015-05-27 11:31:31 +08:00
    @lsj5031 但是我设置 /home/hobby 777 ,为何还是不行呢
        14
    lsj5031   2015-05-27 11:42:04 +08:00
    @hobbyliu 我这么说是因为前几天我也是弄个玩具的时候碰到同样的问题一路追踪下来还是home子目录的权限问题。你也可以看看现在 nginx是什么用户跑,然后看看这个用户是否有权限一步一步访问到绝对路径上上的每一个目录。我是用sudo -u 加 ls 测试的……
    777始终是要改掉的……你这变量控制得太暴力了
        15
    Keinez   2015-05-27 11:56:35 +08:00
    其他人说配置问题,我说下777。你这个777等于所有者+组+其他用户都有权限读写执行……最好不要这么干。

    详见:
    http://en.wikipedia.org/wiki/Chmod
        16
    lincanbin   2015-05-27 11:58:29 +08:00
    chown -r更改所有者为nginx的运行用户
        17
    mytharcher   2015-05-27 12:01:10 +08:00
    前天刚碰到这个问题,手贱把 `/home/自己` 目录设为了 700(所有网站项目挂在自己的目录下),结果查了半天才发现,改回 755 就可以了。
        18
    hzqim   2015-05-27 17:22:58 +08:00
    您的网站是静态吗?
    如果是php程序,
    那么 index 项目必须这样
    index index.php index.html index.htm;
    您不指定index.php,nginx就去家中index.html,但是您的index.html 不存在。。。
        19
    hsyu53   2015-05-28 00:01:36 +08:00 via Android
    配置fastcgi_pass,使之与/etc/php5/fpm/pool.d/www.conf中listen项一致。本机上建议用unix socket
    关于   ·   FAQ   ·   API   ·   我们的愿景   ·   广告投放   ·   感谢   ·   实用小工具   ·   1017 人在线   最高记录 5043   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.3 · 55ms · UTC 19:50 · PVG 03:50 · LAX 11:50 · JFK 14:50
    ♥ Do have faith in what you're doing.