Join the community today
Register Now

Nginx Nginx permission issues

Discussion in 'Install & Upgrades or Pre-Install Questions' started by Robert, Sep 7, 2014.

Tags:
  1. Robert

    Robert New Member

    8
    1
    3
    Sep 7, 2014
    Ratings:
    +1
    Local Time:
    7:40 AM
    Nginx 1.7.4
    MariaDB 5.5
    Hi,

    I am trying to install Nginx from last couple of days but not able to get around it as I want.
    So I used Centmin Mod on Linode 1GB plan VPS. Although server is running but have coupld of issues and cuncerns.


    1. I added a host with centmin.sh and it gave permissions to nginx:nginx which does not allow me (as user) to read write in folder. How can I change it to user:user and to all future domains added from centmin too.
    EDIT: I have a user account. I do not use root for daily operations.

    2. If I change any config files, will I be able to update my server via centmin without worrying about overwriting my changes.
     
    Last edited: Sep 7, 2014
  2. dorobo

    dorobo Active Member

    420
    104
    43
    Jun 6, 2014
    Ratings:
    +162
    Local Time:
    10:10 AM
    latest
    latest
    nginx:nginx is the right permission. Aren't you running as root?
     
  3. Robert

    Robert New Member

    8
    1
    3
    Sep 7, 2014
    Ratings:
    +1
    Local Time:
    7:40 AM
    Nginx 1.7.4
    MariaDB 5.5
    Sorry I forgot to mention. Just edited original post.

    I have a user account. I do not use root for daily operations. Uploading website files, editing etc.
     
  4. eva2000

    eva2000 Administrator Staff Member

    53,614
    12,139
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,683
    Local Time:
    12:10 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    only root user can chown user/group changes from root:root ;)
     
  5. Robert

    Robert New Member

    8
    1
    3
    Sep 7, 2014
    Ratings:
    +1
    Local Time:
    7:40 AM
    Nginx 1.7.4
    MariaDB 5.5
    What?

    I know how to change ownership with root and I can easily change /home/nginx/ folder ownership to my user but then nginx will not have permissions to read and write in domain. What I want is to run nginx as my user. How to do that.

    If I edit nginx.conf file and chnage user from nginx to my user, will that make nginx to run as user? I did that and it does not work. Nginx is not able to write or read.
     
  6. eva2000

    eva2000 Administrator Staff Member

    53,614
    12,139
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,683
    Local Time:
    12:10 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    The way Centmin Mod sets up Nginx right now, you can only run domain site files as user/group = nginx/nginx as it's legacy structure from original Centmin. Only when proper jailed/chroot user features roll out will you have per user/group per domains - see preview and explanation at Previews - Jailed / chrooted SFTP & SSH user Nginx vhost menu | Centmin Mod Community

    Getting started guide step 2 has info Getting Started with Centmin Mod

    Location you upload files is listed when you created your new Nginx vhost:

    upload files to /home/nginx/domains/newdomain.com/public

    Whenever you completed uploading new files, you'd need to give them correct user and group permissions within SSH window as root user type:
    Code:
    chown -R nginx:nginx /home/nginx/domains/newdomain.com/public
    
    You do not need to do this will files created via PHP-FPM or Nginx, i.e. if you use Wordpress and used Wordpress admin to add a new Wordpress plugin, the plugin will automatically have nginx user and group permissions as it was processed by PHP-FPM.

    To verify the files and directories are with nginx user and group permissions, use command
    Code:
    ls -lah directorypath
    
    i.e.
    Code:
    ls -lah /home/nginx/domains/newdomain.com/public
    total 36K
    drwxr-sr-x 2 nginx nginx 151 Aug 11 05:24 .
    drwxr-sr-x 6 nginx nginx 56 Aug 11 05:24 ..
    -rw-r--r-- 1 nginx nginx 1.6K Aug 11 05:24 403.html
    -rw-r--r-- 1 nginx nginx 1.6K Aug 11 05:24 404.html
    -rw-r--r-- 1 nginx nginx 2.1K Aug 11 05:24 500.html
    -rw-r--r-- 1 nginx nginx 2.1K Aug 11 05:24 502.html
    -rw-r--r-- 1 nginx nginx 2.2K Aug 11 05:24 503.html
    -rw-r--r-- 1 nginx nginx 2.1K Aug 11 05:24 504.html
    -rw-r--r-- 1 nginx nginx 2.2K Aug 11 05:24 50x.html
    -rw-r--r-- 1 nginx nginx 1.2K Aug 11 05:24 index.html
    -rw-r--r-- 1 nginx nginx 2.2K Aug 11 05:24 maintenance.html
    
     
  7. Robert

    Robert New Member

    8
    1
    3
    Sep 7, 2014
    Ratings:
    +1
    Local Time:
    7:40 AM
    Nginx 1.7.4
    MariaDB 5.5
    You are right. Centmin is installed in a way, we can not change nginx user or it will break server. I know because I tried it alrady and I had to setup server again. lol

    But I think there should be an option to change user in centmin before start installing. Because it's too much hassel to just update one single file on server.

    Since most people turn off direct root login via SSH or SFTP (for security reasons). To upload a file, these are the steps
    1. Upload file via user
    2. SSH with user and then login to root.
    3. Move file to /home/nginx/domains/newdomain.com/public with root user
    4. Run chown
    And if you are making chnages on your website theme then you will probably have to repeat these steps 100 times a day.

    I think that defeats the whole purpose of this mod. It is suppose to make life easier and save time by installing all these components in one shot. infact, it does save time in installing server but it also increases post installation work.

    For now I am trying to setup server manually. Will come back later if I find centmin suitable for a website/server.

    Thank you and keep up good work.
     
  8. eva2000

    eva2000 Administrator Staff Member

    53,614
    12,139
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,683
    Local Time:
    12:10 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Yeah understand your point. You can always setup a cronjob to change the user/group on /home/nginx/domains/newdomain.com/public

    For me, i rarely upload files via SFTP and if I do its as root user direct into /home/nginx/domains/newdomain.com/public. Then I do it all via SSH window if I need to update files i.e. upgrade Xenforo just upload zip file then SSH in and unzip, chown -R nginx:nginx and cp files over.
     
  9. dorobo

    dorobo Active Member

    420
    104
    43
    Jun 6, 2014
    Ratings:
    +162
    Local Time:
    10:10 AM
    latest
    latest
    I don't think anyone running Centminmod is not logging directly as root. Anyone?

    Use PubkeyAuthentication if you're concerned with security.
     
  10. eva2000

    eva2000 Administrator Staff Member

    53,614
    12,139
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,683
    Local Time:
    12:10 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Yeah most folks using Centmin Mod will be using root user.

    Another method some folks use is setup SFTP user at /home/username/public and upload to that folder and set a cronjob or write a script that auto moves files from /home/username/public to /home/nginx/domains/newdomain.com/public with nginx:nginx user/group.
     
  11. Robert

    Robert New Member

    8
    1
    3
    Sep 7, 2014
    Ratings:
    +1
    Local Time:
    7:40 AM
    Nginx 1.7.4
    MariaDB 5.5
    I am already doing that. Of course for my user account since I never allow direct root login with or without password. In fact you will never need to be root unless you update server or change configuration.

    Don't you think that's because they don't have any other better option.
     
    Last edited: Sep 7, 2014
  12. Robert

    Robert New Member

    8
    1
    3
    Sep 7, 2014
    Ratings:
    +1
    Local Time:
    7:40 AM
    Nginx 1.7.4
    MariaDB 5.5
    Yes, it's an option but cron job is never a good idea for this purpose because unless you are running it every 60 sec (or similar), it will not update website imedieately and also this might break website because you uploaded a file with errors (of course by mistake and we make fair share of em) and you will have to wait for next cron to run and update correct file or follow my steps in previous posts.

    Anyway the way I undrstand I have two options.
    1. Either I only use root logiin.
    2. or I use cron job.
     
  13. eva2000

    eva2000 Administrator Staff Member

    53,614
    12,139
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,683
    Local Time:
    12:10 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Yeah for now there is no better way as you understand it due to legacy Nginx vhost path structure used.

    Just to put things in perspective, no Nginx YUM or APT package install from official distros include any jailed/chroot user options from out of the box installs as well unless you specifically configure for it and modify the default setups that those packages initially install. It's the same for Centmin Mod Nginx right now until jailed/chroot features come.
     
  14. Robert

    Robert New Member

    8
    1
    3
    Sep 7, 2014
    Ratings:
    +1
    Local Time:
    7:40 AM
    Nginx 1.7.4
    MariaDB 5.5
    :) Thank you for addressing my concerns.
    Really appreciate it.
     
  15. eva2000

    eva2000 Administrator Staff Member

    53,614
    12,139
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,683
    Local Time:
    12:10 PM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Yeah I understand, it's why I planned for jailed/chroot users to plug that missing aspect of Centmin Mod Nginx left over from original Centmin structure :)