0

I am using centos 7 with nginx 1.12 to host a yum repository locally. When I try to browser the files via the browser, I can see the folders, but no files inside them. Im wondering if i might not have set the correct permissions or ownership.

This is my setup: I have synced all the packages for extras, updates etc into the path

/var/www/html/repos/centos/7/os/x86_64

The permissions look like this:

ls -l /var/www
drwxrwx--x. 3 root nginx 19 Aug 30 09:12 html

ls -l /var/www/html
drwxr-xr-x. 4 root nginx 32 Aug 30 09:12 repos

ls -l /var/www/html/repos
drwxr-xr-x. 3 root nginx 15 Aug 30 09:12 centos

ls -l /var/www/html/repos/centos
drwxr-xr-x. 3 root nginx 45 Aug 30 09:12 7

ls -l /var/www/html/repos/centos/7
drwxr-xr-x. 3 root nginx 20 Aug 30 09:12 os
drwxr-xr-x. 3 root nginx 20 Aug 30 09:12 updates
drwxr-xr-x. 3 root nginx 20 Aug 30 09:12 extras

ls -l /var/www/html/repos/centos/7/os
drwxr-xr-x. 8 alexl alexl 237 Aug 30 09:12 x86_64

I'm trying to access the packages folder via the browser and don't see any files. The permissions are:

ls -l /var/www/html/repos/centos/7/os/x86_64 | grep Packages
drwxr-x-r-x. 2 alexl alexl 565248 Aug 1 18:02 Packages

Permissions from a file inside the folder:

ls -l /var/www/html/repos/centos/7/os/x86_64/Packages | tail -1
-rw-r--r--. 1 alexl alexl 35380 Jul 4 2014 zziplib-utils-0.13.62-5.el7.x86_64.rpm

This is my nginx.conf file

user              nginx;  
worker_processes  auto;
error_log         /var/log/nginx/error.log;
pid               /run/nginx.pid;

events {
  worker_connections  1024;
}

http {
    log_format   main '$remote_addr - $remote_user [$time_local]  $status '
    '"$request" $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log          /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    include /etc/nginx/conf.d/*.conf;

}

This is the configuration for the site:

server { # simple load balancing
  listen          80;
  server_name     mysecretdomain.com;
  root            /var/www/html/repos;

  location / {
    autoindex on;
  }
}
ARL
  • 105
  • 3
  • Do you get an error message or only an empty folder? Although it's a bit weird that you change ownership in some subfolder, either the nginx group or the "other" group always has read and execute permissions on the folders and files. So I would say the permissions are okay. – Tommiie Aug 30 '18 at 09:02
  • 1
    Check you log file for errors, also consider the SELinux security contexts and AVC denials (or simple run `restorecon -R /var/www/html/repos`) – HBruijn Aug 30 '18 at 09:21
  • I didn’t receive any errors in the logs, I’m getting 200 for hits to the folders. I’ll check the Selinux when I’m back at the computer. Thanks. – ARL Aug 30 '18 at 09:29
  • @HBruijn since your solution solved the problem, if you want to write it as an answer to the question I'll mark it as the correct solution. Thanks. – ARL Aug 30 '18 at 11:04

1 Answers1

2

In addition to regular file-system permissions RHEL and CentOS have SELinux mandatory access controls enabled by default. Most likely your files are not labelled correctly.

Since you're using the default file-system location for web content, you can restore the default SELinux security contexts with restorecon 

 restorecon -R /var/www/html/repos

Moire detailed info about troubleshooting SELinux problems: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/selinux_users_and_administrators_guide/chap-security-enhanced_linux-troubleshooting

HBruijn
  • 72,524
  • 21
  • 127
  • 192