70

I use Ubuntu Server 10.10 and have installed Nginx web server with apt-get install nginx. It creates a default web page at /var/www/nginx-default/ and that directory has the permissions drwxr-xr-x 2 root root.

When I access the default site on http://localhost/ I get this message on the page 403 Forbidden.

How should I set the file permissions on the www root so I can secure access the web pages? Or is there something else that I have to change?

Braiam
  • 67,791
  • 32
  • 179
  • 269
Jonas
  • 8,217
  • NOTE: the whole full path to your final folder must be accessible! Not even one folder in the middle. – Lucio Nov 03 '13 at 05:53

2 Answers2

82

I would suggest changing the group of your webroot to www-data, the user used by nginx and also php5-fpm.

For example:

sudo chown -R "$USER":www-data /webdirectory
sudo chmod -R 0755 /webdirectory

where my-user is your own account (which enables you to put the files easy in your webroot without sudo).

Community
  • 1
Peter Smit
  • 7,587
  • Thanks, the commands executed without any problems, but I still get 403 Forbidden when acessing it with a web browser. – Jonas Oct 25 '10 at 15:59
  • @Jonas, I would suggest to check your nginx error log to see what the problem was. – Peter Smit Oct 25 '10 at 16:01
  • Thanks, I found the error, it was in the error log. See my comment to Jacks answer. – Jonas Oct 25 '10 at 16:23
  • 4
    What about new files? – mcont Dec 23 '14 at 21:14
  • 1
    @MatteoContrini use chmod 2755 webdirectory/ so they are stored with the same permissions and rights – rhand Mar 06 '18 at 09:59
  • what's the '2' ? – realtebo Jul 13 '20 at 12:58
  • 1
    @realtebo it is the setgid bit, the details are too long for a comment, read here but in short: The Unix access rights flags setuid and setgid (short for "set user ID" and "set group ID") allow users to run an executable with the file system permissions of the executable's owner or group respectively and to change behaviour in directories. – avn Sep 22 '20 at 08:15
44

I usually stick to a 755 (or rwxr-xr-x) on my web root, but I do not think this is the issue you're running into since your directory is already set to that. nginx should have access to your directory. The question then becomes the permissions (or existence of) the file you're trying to access. The files within your directory will need to be readable by the user nginx is running as. I usually leave these files set to a 755 (the same as the directory). You can change the entire directory by doing sudo chmod -R 755 /var/www/nginx-default/.

If there is not an index file in the directory, however, you will still get the same error. The index file is used when you request a directory that doesn't have directory listings enabled. The most common index file is index.html. This default can be edited in your config, however, using something like:

location / {
    index index.php;
}

If you want nginx to generate a list of files in that directory for you, simply turn on directory indexing, like so:

location  /  {
  autoindex  on;
}
Jack M.
  • 807
  • No I have an index.html in that directory. – Jonas Oct 25 '10 at 15:33
  • What permissions does your index.html have, then? – Jack M. Oct 25 '10 at 15:36
  • Thanks, the confiugration file actually pointed to /var/www/ and the generated index.html was placed in /var/www/nginx-default/ so I had to copy that file with cp /var/www/nginx-default/index.html /var/www/ after that I could visit the site with my web browser. – Jonas Oct 25 '10 at 16:22
  • Better to update your nginx confg than host that file out of www – b_dubb Feb 29 '24 at 21:18