Dave asked:
I’m using Nginx with Puma (for a Rails application) on CentOS 7. I’m confused about how to set up permissions for a file upload. Currently when I try and upload a file (submit a multi-part form), I get the following error in nginx error log
2018/02/28 16:35:48 [crit] 31241#0: *148 open() "/var/lib/nginx/tmp/client_body/0000000006" failed (13: Permission denied), client: 96.92.233.165, server: example.com, request: "POST /people HTTP/1.1", host: "example.com", referrer: "http://example.com/people/new"
I’m trying to get everything to run as the “rails” user. Below are my nginx and puma processes
[root@server /]# ps -elf | grep nginx
0 S root 944 920 0 80 0 - 2249 pipe_w 16:38 pts/1 00:00:00 grep --color=auto nginx
1 S root 31238 1 0 80 0 - 30712 rt_sig 15:06 ? 00:00:00 nginx: master process /usr/sbin/nginx
5 S rails 31239 31238 0 80 0 - 30843 ep_pol 15:06 ? 00:00:00 nginx: worker process
5 S rails 31240 31238 0 80 0 - 30843 ep_pol 15:06 ? 00:00:00 nginx: worker process
5 S rails 31241 31238 0 80 0 - 30843 ep_pol 15:06 ? 00:00:00 nginx: worker process
5 S rails 31242 31238 0 80 0 - 30843 ep_pol 15:06 ? 00:00:00 nginx: worker process
[root@server /]# ps -elf | grep puma
1 S rails 582 1 0 80 0 - 135430 poll_s 16:19 ? 00:00:00 puma 3.11.2 (tcp://0.0.0.0:3000,unix:///home/rails/scale_production/shared/sockets/puma.sock) [scale_production]
1 S rails 590 582 0 80 0 - 286725 futex_ 16:19 ? 00:00:02 puma: cluster worker 0: 582 [scale_production]
1 S rails 594 582 0 80 0 - 287282 futex_ 16:19 ? 00:00:03 puma: cluster worker 1: 582 [scale_production]
1 S rails 596 582 0 80 0 - 287255 futex_ 16:19 ? 00:00:02 puma: cluster worker 2: 582 [scale_production]
1 S rails 599 582 0 80 0 - 286939 futex_ 16:19 ? 00:00:02 puma: cluster worker 3: 582 [scale_production]
0 S root 946 920 0 80 0 - 2250 pipe_w 16:38 pts/1 00:00:00 grep --color=auto puma
and below are the perms for the problematic directory. What else should I be setting in order for this to work?
[root@server /]# ls -al /var/lib/nginx
total 12
drwx------ 3 755 rails 4096 Feb 24 14:33 .
drwxr-xr-x 23 root root 4096 Feb 24 14:33 ..
drwx------ 7 755 rails 4096 Feb 24 15:06 tmp
[root@server /]# ls -al /var/lib/nginx/tmp/client_body
total 8
drwx------ 2 rails rails 4096 Feb 24 15:06 .
drwx------ 7 755 rails 4096 Feb 24 15:06 ..
[root@server /]# ls -al /var/lib/nginx/tmp
total 28
drwx------ 7 755 rails 4096 Feb 24 15:06 .
drwx------ 3 755 rails 4096 Feb 24 14:33 ..
drwx------ 2 rails rails 4096 Feb 24 15:06 client_body
drwx------ 2 rails rails 4096 Feb 24 15:06 fastcgi
drwx------ 2 rails rails 4096 Feb 24 15:06 proxy
drwx------ 2 rails rails 4096 Feb 24 15:06 scgi
drwx------ 2 rails rails 4096 Feb 24 15:06 uwsgi
My answer:
You’re running nginx as the user named rails (which is unusual).
But one of your directories, /var/lib/nginx/tmp, is owned by the nonexistent user 755.
The usual reason this happens is mistakenly typing chown when you meant chmod.
You should be able to fix the problem by correcting the ownership of this directory.
chown rails /var/lib/nginx/tmp
BTW, you also seem to have disabled SELinux. You should fix that at the earliest opportunity.
View the full question and answer on Server Fault.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
The post How do I set my nginx perms to allow for multipart form submissions? appeared first on Life with Linux.