Set the web directory to 777 permissions, but nginx still returns 403. Asking the experts to explain.

    hobbyliu · 2015-05-27 11:04:23 +08:00 · 14102 views
    [root@localhost ~]# tail -f /var/log/nginx/error.log 
    2015/05/27 10:28:44 [error] 1016#0: *3 open() "/home/hobby/service/index.html" failed (13: Permission denied), client: 192.168.56.1, server: lumentest, request: "GET / HTTP/1.1", host: "lumentest"
    2015/05/27 10:28:47 [error] 1016#0: *3 open() "/home/hobby/service/index.html" failed (13: Permission denied), client: 192.168.56.1, server: lumentest, request: "GET / HTTP/1.1", host: "lumentest"
    
    19 replies    2015-05-28 00:01:36 +08:00
    lzk800
        1
    lzk800  
       2015-05-27 11:05:31 +08:00
    Post your nginx configuration file so we can take a look.
    hobbyliu
        2
    hobbyliu  
    OP
       2015-05-27 11:11:41 +08:00
    ```
    user nginx;
    worker_processes 1;

    error_log /var/log/nginx/error.log;
    #error_log /var/log/nginx/error.log notice;
    #error_log /var/log/nginx/error.log info;

    pid /run/nginx.pid;


    events {
    worker_connections 1024;
    }


    http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    #tcp_nopush on;

    #keepalive_timeout 0;
    keepalive_timeout 65;

    #gzip on;

    index index.html index.htm;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;
    =====================================
    server {
    listen 80;
    server_name lumentest;
    root /home/hobby/service;
    #root /usr/share/nginx/html;
    index index.html index.htm;

    #charset koi8-r;

    #access_log logs/host.access.log main;

    location / {
    }

    #error_page 404 /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    root html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    # proxy_pass http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
    root /home/hobby/service;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
    include fastcgi_params;
    }
    ```
    hobbyliu
        3
    hobbyliu  
    OP
       2015-05-27 11:12:36 +08:00
    @lzk800

    ```
    user nginx;
    worker_processes 1;

    error_log /var/log/nginx/error.log;
    #error_log /var/log/nginx/error.log notice;
    #error_log /var/log/nginx/error.log info;

    pid /run/nginx.pid;


    events {
    worker_connections 1024;
    }


    http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    #tcp_nopush on;

    #keepalive_timeout 0;
    keepalive_timeout 65;

    #gzip on;

    index index.html index.htm;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;
    =====================================
    server {
    listen 80;
    server_name lumentest;
    root /home/hobby/service;
    #root /usr/share/nginx/html;
    index index.html index.htm;

    #charset koi8-r;

    #access_log logs/host.access.log main;

    location / {
    }

    #error_page 404 /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    root html;
    }

    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #
    #location ~ \.php$ {
    # proxy_pass http://127.0.0.1;
    #}

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
    root /home/hobby/service;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
    include fastcgi_params;
    }
    ```
    lzk800
        4
    lzk800  
       2015-05-27 11:15:24 +08:00
    user nginx

    Check whether the nginx user actually exists on the system.
    Csineneo
        5
    Csineneo  
       2015-05-27 11:17:02 +08:00
    Move /home/hobby/service out of /home.
    a842543374
        6
    a842543374  
       2015-05-27 11:19:25 +08:00   ❤️ 1
    1. Check the permissions on the parent directory.
    2. If this is CentOS, check whether SELinux has been turned off.
    hobbyliu
        7
    hobbyliu  
    OP
       2015-05-27 11:19:59 +08:00
    @lzk800 Indeed, there is no nginx user. Should I comment out this line, or change it to user www?
    Dk2014
        8
    Dk2014  
       2015-05-27 11:21:07 +08:00 via Android
    chown -R nginx /home/hobby/service
    chown -R nginx /var/log/nginx
    service nginx restart
    czheo
        9
    czheo  
       2015-05-27 11:22:03 +08:00
    chmod 755 /home
    chmod 755 /home/hobby
    abcfyk
        10
    abcfyk  
       2015-05-27 11:23:12 +08:00
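    If this is a production environment, I suggest leaving it as it is. Accessing the application directory should return 403; this is a security matter.
    If it is a development environment, first look at the directory permissions: see who the user in nginx.conf is, and you can run chown user:user www on the www directory. Second, check whether the files under the directory can be accessed normally. If they can, it is not a folder permission problem but an nginx configuration problem. You can add a line allow from all; but never add it in a production environment.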
    lsj5031
        11
    lsj5031  
       2015-05-27 11:28:14 +08:00
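    Ha, it is actually because your site is placed under home. Subdirectories under home seem to have no x permission by default, so other users cannot cd into them.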
    wesley
        12
    wesley  
       2015-05-27 11:28:50 +08:00
    fastcgi_pass is not set
    hobbyliu
        13
    hobbyliu  
    OP
       2015-05-27 11:31:31 +08:00
    @lsj5031 But I set /home/hobby to 777, so why does it still not work?
    lsj5031
        14
    lsj5031  
       2015-05-27 11:42:04 +08:00
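    @hobbyliu I say this because a few days ago I hit the same problem while putting together a toy project, and after tracing it all the way down it was still the permissions on the home subdirectory. You can also check which user nginx is running as now, and then see whether that user has permission to reach every directory on the absolute path, step by step. I tested with sudo -u plus ls...
    The 777 has to be changed in the end... that is far too brute-force a way of controlling variables.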
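Added example (not written by anyone in the thread): a shell function for the step-by-step path check lsj5031 describes, reading mode bits with GNU `stat` instead of `sudo -u`. The name `first_blocked` is made up here, and it assumes the nginx worker user is neither the owner nor in the group of any component, so only the "other" bits matter; ACLs and SELinux labels are not inspected.

```shell
#!/bin/sh
# first_blocked BASE TARGET
# Walk from BASE down to TARGET and print the first component that a user
# who is neither owner nor group member cannot pass:
#   - a directory without the "other" search (x) bit, or
#   - the final file without the "other" read (r) bit.
# Returns 0 if every component is passable, 1 if one is blocked,
# 2 if a component cannot be stat'ed at all.
# Assumption: GNU coreutils stat (stat -c '%a'), as found on CentOS.
first_blocked() {
    base=${1%/}                 # "/" becomes "", handled just below
    target=$2
    cur=${base:-/}
    rest=${target#"$base"}      # e.g. /home/hobby/service/index.html
    while :; do
        if [ -d "$cur" ]; then
            need=1              # directories need x to be traversed
        else
            need=4              # the file itself needs r
        fi
        mode=$(stat -c '%a' "$cur") || return 2
        last=${mode#"${mode%?}"}    # last octal digit = "other" bits
        if [ $(( last & need )) -eq 0 ]; then
            printf '%s\n' "$cur"
            return 1
        fi
        [ -n "$rest" ] || return 0
        rest=${rest#/}
        comp=${rest%%/*}
        cur=${cur%/}/$comp
        case $rest in
            */*) rest=/${rest#*/} ;;
            *)   rest= ;;
        esac
    done
}

# Usage on the path from the error log in this thread:
#   first_blocked / /home/hobby/service/index.html
```

A 777 leaf directory does not help when a parent such as the home directory is 700: the function stops at the parent, which is the first place the worker is denied.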
    Keinez
        15
    Keinez  
       2015-05-27 11:56:35 +08:00
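    Others have covered the configuration, so I will talk about 777. Your 777 means the owner, the group and all other users have read, write and execute permission... it is best not to do this.

    See: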
    http://en.wikipedia.org/wiki/Chmod
    lincanbin
        16
    lincanbin  
       2015-05-27 11:58:29 +08:00
    Use chown -r to change the owner to the user nginx runs as
    mytharcher
        17
    mytharcher  
       2015-05-27 12:01:10 +08:00
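    I ran into this just the day before yesterday. I carelessly set my `/home/myself` directory to 700 (all my website projects live under my own directory), and it took me ages to find out. Changing it back to 755 fixed it.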
    hzqim
        18
    hzqim  
       2015-05-27 17:22:58 +08:00
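    Is your website static?
    If it is a PHP application,
    then the index directive must look like this:
    index index.php index.html index.htm;
    If you do not specify index.php, nginx goes looking for index.html, but your index.html does not exist...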
    hsyu53
        19
    hsyu53  
       2015-05-28 00:01:36 +08:00 via Android
    Configure fastcgi_pass so that it matches the listen entry in /etc/php5/fpm/pool.d/www.conf. On the local machine, a unix socket is recommended.