M BUZZ CRAZE NEWS

Cannot stat 'direction', permission denied when permissions are set

By Jessica Wood

Bear with me, I am still new to Linux. I have a web server that is trying to access a public folder under a user's account.

Problem

I am running an nginx server that is trying to access the maintenance page within an application's shared public folder and receives permission denied errors.

Basics

  • Application user: quotr and primary group: app
  • Webserver user: ubuntu and primary group: www-data
  • Application home: /home/quotr/app
  • Application shared public folder: /home/quotr/app/shared
  • Absolute path of maintenance file: /home/quotr/app/shared/public/system/maintenance.html

Groups:

I initially only added the www-data group to the app group hoping to fix the issue. When that didn't work, I also added the group going the other way.

www-data:x:33:apache,quotr
ubuntu:x:1000:
app:x:1001:quotr,ubuntu,www-data

Ownership

The ownership for the whole application tree belongs to quotr:app. When I started receiving the permission problems, I changed the ownership along the public/system/maintenance.html portion of the path to the maintenance page (/home/quotr/app/shared/public/system/maintenance.html) to quotr:www-data.

Permissions

Starting at /var/www/quotr-public and working our way down:

# ls -la
drwxr-xr-x 4 quotr www-data 4096 Mar 3 21:49 .
drwxr-xr-x 5 quotr www-data 4096 Mar 3 21:49 ..
drwxr-xr-x 5 quotr www-data 4096 Mar 4 16:00 assets
drwxr-xr-x 3 quotr www-data 4096 Mar 4 19:03 system
# cd to system ls -la
drwxr-xr-x 3 quotr www-data 4096 Mar 4 19:03 .
drwxr-xr-x 4 quotr www-data 4096 Mar 3 21:49 ..
-rwxr-x--- 1 quotr www-data 3004 Mar 4 19:03 maintenance.html
drwxr-xr-x 3 quotr www-data 4096 Mar 3 21:51 pictures

Testing

I am testing the permissions using the following command:

sudo -u www-data stat /home/quotr/app/shared/public/

which results in permission denied.

Last Ditch

As a last ditch attempt, I created the following symlink:

quotr-public -> /home/quotr/app/shared/public/

Which I am able to run the following successfully but no deeper:

sudo -u www-data stat /var/www/quotr-public

I am at a complete loss of what the problem is at this point. Any guidance would be greatly appreciated.

Edit 1

I have continued farting around with permissions so these might be a little different, but please find below the output requested. Output of 'namei -lx /home/quotr/app/shared/public/system/maintenance.html'

drwxr-xr-x root root /
drwxr-xr-x root root home
drwx------ quotr app quotr
drwxr-xr-x quotr app app
drwxr-xr-x quotr www-data shared
drwxr-xr-x quotr www-data public
drwxr-xr-x quotr www-data system
-rw-r--r-- quotr app maintenance.html

Output of 'namei -lx /var/www/quotr-public/system/maintenance.html'

drwxr-xr-x root root /
drwxr-xr-x root root var
drwxrwsr-x root www-data www
lrwxrwxrwx ubuntu www-data quotr-public -> /home/quotr/app/shared/public/
drwxr-xr-x root root /
drwxr-xr-x root root home
drwx------ quotr app quotr
drwxr-xr-x quotr app app
drwxr-xr-x quotr www-data shared
drwxr-xr-x quotr www-data public
drwxr-xr-x quotr www-data system
-rw-r--r-- quotr app maintenance.html

Thanks.


1 Answer

I think you almost had it there with help from muru. All folders in the tree do need to be executable by www-data. Since the quotr folder is owned by the app group and www-data is in the app group, it'd be better to give exec to the group instead of others:

chmod g+x quotr

As a side suggestion... I have built several websites with nginx as www-data. What has worked well for me is to let www-data own everything as user and group. Then I add my user & whoever else needs access to the www-data group.

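The rule the answer relies on (every directory on the path needs the execute/search bit for the accessing identity) can be checked per component. The script below is an added example, not part of the original question or answer; the function names `can_search`, `first_blocker` and `demo`, the temporary tree and the made-up uid are assumptions for illustration, and it evaluates classic owner/group/other mode bits only, using GNU stat.

```sh
# Added example (not from the original post). Classic mode bits only:
# no ACLs, no root override. Needs GNU stat (-c), as shipped on Ubuntu.

# can_search DIR UID "GID ..." -> status 0 if that identity may traverse DIR
can_search() {
    set -- "$1" "$2" "$3" $(stat -L -c '%a %u %g' "$1")
    mode=$((0$4))                        # octal string -> integer
    if [ "$2" = "$5" ]; then             # owner class applies exclusively
        [ $(($mode & 0100)) -ne 0 ]; return
    fi
    for g in $3; do
        if [ "$g" = "$6" ]; then         # group class applies exclusively
            [ $(($mode & 0010)) -ne 0 ]; return
        fi
    done
    [ $(($mode & 0001)) -ne 0 ]          # everyone else: "other" class
}

# first_blocker UID "GIDS" PATH [START] -> prints the first directory below
# START (default /) that lacks search permission; prints nothing if none.
first_blocker() {
    fb_uid=$1; fb_gids=$2; fb_cur=${4:-/}
    fb_rel=${3#"$fb_cur"}
    old_ifs=$IFS; IFS=/; set -- $fb_rel; IFS=$old_ifs
    for part in "$@"; do
        [ -n "$part" ] || continue
        fb_cur=${fb_cur%/}/$part
        [ -d "$fb_cur" ] || break        # reached the file itself
        if ! can_search "$fb_cur" "$fb_uid" "$fb_gids"; then
            printf '%s\n' "$fb_cur"; return 0
        fi
    done
    return 0
}

# Constructed demo: the question's tree, tested for a made-up uid that only
# shares the directory's group (the role www-data plays via the app group).
demo() {
    t=$(mktemp -d); p=$t/home/quotr/app/shared/public/system
    mkdir -p "$p"; : > "$p/maintenance.html"
    chmod -R 755 "$t/home"; chmod 700 "$t/home/quotr"   # drwx------ as posted
    uid=$(( $(id -u) + 1 )); gid=$(stat -c %g "$t/home/quotr")
    before=$(first_blocker "$uid" "$gid" "$p/maintenance.html" "$t")
    chmod g+x "$t/home/quotr"                           # the answer's fix
    after=$(first_blocker "$uid" "$gid" "$p/maintenance.html" "$t")
    echo "before: ${before#"$t"}  after: ${after:-no blocker}"
    rm -rf "$t"
}
demo
```

Because `stat -L` follows symlinks, a link such as /var/www/quotr-public resolves to the same directories and is subject to the same checks.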
