Permission denied when Nginx tries to write image file

Question

I'm using Nginx for a Linux server and I have this folder /usr/local/openresty/nginx/webfolder/img where I want nginx to save my uploaded image files.

So, this is what I did:

1) I changed the owner of the directory to www-data user in www-data group:

chown -R www-data:www-data /usr/local/openresty/nginx/webfolder/img

2) Then I updated the permissions of the directory:

sudo chmod 0600 /usr/local/openresty/nginx/webfolder/img

Lua upload err part (where I log the err):

fileToSave, errMessage = io.open(savefiletarget, "w+b")
                        if not fileToSave then
                            --ngx.say("failed to open file ", savefiletarget)
                            ngx.log(ngx.NOTICE,'failed to save file : '..savefiletarget..' reason: '..errMessage);
                            ngx.say('{"filename" : "'..filenametosave..'","status" : 0 ,"message":"failed to open file"}')
                            return
                        end

Right now my error log still shows Permission Denied when I try to upload the file.

I assume www-data is the user that nginx uses right? So why I'm not able to still write the file?

What distro are you using? Things like what user runs a webserver can vary from one to another. — Joseph Montanaro, Jun 05 '18 at 02:18
@JosephMontanaro Ubuntu 16.04.3 LTS (GNU/Linux 4.4.0-124-generic x86_64) — Joshua Rajandiran, Jun 05 '18 at 02:41

score 3 · Accepted Answer · answered Jun 05 '18 at 05:48

3

You gave the directory the wrong permissions. 0600 will give read and write permissions to the directory. But to access a directory, you also need execute permission. Here's an example:

[jenny@temeraire sf] $ mkdir test1
[jenny@temeraire sf] $ chmod 0600 test1
[jenny@temeraire sf] $ touch test1/foo
touch: test1/foo: Permission denied
[jenny@temeraire sf] $ chmod 0700 test1
[jenny@temeraire sf] $ touch test1/foo
[jenny@temeraire sf] $ ls -ld test1/foo
-rw-r--r--  1 jenny  staff  0 Jun  5 07:46 test1/foo

answered Jun 05 '18 at 05:48

Jenny D

27,358
21
74
110

Thanks, it worked btw I'd like to add that my nginx.conf file also didnt have the `www-data` group and user specified. Nginx was using `nobody` for the worker processes. Btw, I also reset the owner of the directory back to `root` and only changed the permissions via `chmod` command. Worked for me. – Joshua Rajandiran Jun 05 '18 at 09:17

score 0 · Answer 2 · answered Jun 05 '18 at 04:16

Look for the user directive in /etc/nginx/nginx.conf, which is the main configuration file.

If that's not present, then you can inspect the running process with a command like ps -fwwC nginx. The user ID will probably be the left-most column.

Then you can whether that user has a particular privilege for a particular filemode like sudo -u nginx test -w /usr/local/openresty/nginx/webfolder/img && { echo YUP; } || { echo NOPE; } which will return errexit > 0 (NOPE) unless user "nginx" has write privilege in that directory.

If not, then you probably need to add the user to the permission group that owns that directory and change the filemode of the dir to allow group write like sudo useradd -aG www-data nginx; sudo chmod g+w -c /usr/local/openresty/nginx/webfolder/img.

Permission denied when Nginx tries to write image file

2 Answers2