Find the answer to your Linux question:
Results 1 to 9 of 9
Hi, I set up nginx on a VM somewhere and everything is working fine. Then I tried to build some directory structure under the nginx root HTML folder. I received ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    May 2010
    Posts
    23

    Can't see files in FTP nor access them from web


    Hi,

    I set up nginx on a VM somewhere and everything is working fine. Then I tried to build some directory structure under the nginx root HTML folder. I received 403 forbidden for a file so normally I assumed permissions. Using root I gave entire dir structure chmod -R a+r /usr/share/ngnix/html/myfolder. Still 403.
    Then I SFTP'd into this box using a didcated web FTP account. I am not that experienced to be able to tell how is this user set nor which permissions it has, but by default it can view all directories in the system. When navigating to the HTML root I could see myfolder but when going inside I was seeing nothing. No subfolder, no files. needless to say ls -al from bash on any of these is giving me rwxr--r-- for all files and directories.

    if I copy some arbitrary file from within the myfolder dir to html root and give it a+r it IS accessible from web and SFTP. If this were only a 403 I would assume something I am not configuring properly on nginx, but since SFTP is showing same behavior I am led to believe it is something in the directories themselves!? What else is there besides file permissions??

    Thanks,
    DB

  2. #2
    Linux Enthusiast scathefire's Avatar
    Join Date
    Jan 2010
    Location
    Western Kentucky
    Posts
    626
    is the system using selinux?
    linux user # 503963

  3. #3
    Just Joined!
    Join Date
    May 2010
    Posts
    23
    Hi Scathfire,

    I actually have no idea what it means or does, but I think not:


    [root@vps52808 /]# rpm -qa | grep selinux
    libselinux-1.33.4-5.5.el5
    libselinux-utils-1.33.4-5.5.el5
    libselinux-1.33.4-5.5.el5
    libselinux-python-1.33.4-5.5.el5
    [root@vps52808 /]# /usr/sbin/getenforce
    Disabled
    [root@vps52808 /]#

  4. $spacer_open
    $spacer_close
  5. #4
    Just Joined!
    Join Date
    Sep 2010
    Location
    Dhaka, Bangladesh
    Posts
    29
    Try running the command to check which mode SELinux is in.

    getenforce

    You could also try the command system-config-securitylevel (for RHEL..dunno whether it works on other distributions..)

  6. #5
    Just Joined!
    Join Date
    Jun 2010
    Posts
    25

    Thumbs up

    Change the context of ftp dir
    Code:
    chcon -R -t public_content_rw_t /usr/share/ngnix/html/myfolder
    change boolen of ftp share so that anyone can write into it
    Code:
    setsebool -P allow_ftpd_anon_write=1
    and then check
    Code:
    [root@station4 ~]# getsebool -a | grep -i ftp
    allow_ftpd_anon_write --> on
    allow_ftpd_full_access --> off
    allow_ftpd_use_cifs --> off
    allow_ftpd_use_nfs --> off
    allow_tftp_anon_write --> off
    ftp_home_dir --> off
    ftpd_connect_db --> off
    ftpd_disable_trans --> off
    ftpd_is_daemon --> on
    httpd_enable_ftp_server --> off
    tftpd_disable_trans --> off

    try with these options.......

  7. #6
    Just Joined!
    Join Date
    May 2010
    Posts
    23
    Guys, thanks for the responses, but don't the lines above:

    Code:
    [root@vps52808 /]# /usr/sbin/getenforce
    Disabled
    mean that SELinux is disabled?
    crazypush, chcon and setsebool are selinux commands, but if it's disabled what's the point?

    Cheers,
    DB

  8. #7
    Just Joined!
    Join Date
    May 2010
    Posts
    23
    crazypush, went ahead and tried you suggestions anyway... chcon gave me:

    chcon: can't apply partial context to unlabeled file /usr/share/nginx/html/myfolder

  9. #8
    Just Joined!
    Join Date
    Jun 2010
    Posts
    25

    Exclamation

    sorry, i didn't see that ur selinux was disabled.........

  10. #9
    Just Joined!
    Join Date
    May 2010
    Posts
    23
    Hi,

    Resolved this. As expected this was a result of my ignorance. FTP user and web server users were different. FTP user needed execute on the directories to list them (which it didn't have). Fixed it all by adding FTP user to web server group, changing ownership for entire hierarchy to web server group and giving +x to directories and +r to all files.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •