设置了 WEB 目录 777 权限， nginx 依旧提示 403. 求大神解析。

[root@localhost ~]# tail -f /var/log/nginx/error.log 
2015/05/27 10:28:44 [error] 1016#0: *3 open() "/home/hobby/service/index.html" failed (13: Permission denied), client: 192.168.56.1, server: lumentest, request: "GET / HTTP/1.1", host: "lumentest"
2015/05/27 10:28:47 [error] 1016#0: *3 open() "/home/hobby/service/index.html" failed (13: Permission denied), client: 192.168.56.1, server: lumentest, request: "GET / HTTP/1.1", host: "lumentest"

lzk800

2015-05-27 11:05:31 +08:00

nginx的配置文件发出来看看

hobbyliu

2015-05-27 11:11:41 +08:00

```
user nginx;
worker_processes 1;

error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
#error_log /var/log/nginx/error.log info;

pid /run/nginx.pid;

events {
worker_connections 1024;
}

http {
include /etc/nginx/mime.types;
default_type application/octet-stream;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main;

sendfile on;
#tcp_nopush on;

#keepalive_timeout 0;
keepalive_timeout 65;

#gzip on;

index index.html index.htm;

# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
=====================================
server {
listen 80;
server_name lumentest;
root /home/hobby/service;
#root /usr/share/nginx/html;
index index.html index.htm;

#charset koi8-r;

#access_log logs/host.access.log main;

location / {
}

#error_page 404 /404.html;

# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}

# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
root /home/hobby/service;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
include fastcgi_params;
}
```

hobbyliu

2015-05-27 11:12:36 +08:00

@lzk800

```
user nginx;
worker_processes 1;

error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
#error_log /var/log/nginx/error.log info;

pid /run/nginx.pid;

events {
worker_connections 1024;
}

http {
include /etc/nginx/mime.types;
default_type application/octet-stream;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main;

sendfile on;
#tcp_nopush on;

#keepalive_timeout 0;
keepalive_timeout 65;

#gzip on;

index index.html index.htm;

# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
=====================================
server {
listen 80;
server_name lumentest;
root /home/hobby/service;
#root /usr/share/nginx/html;
index index.html index.htm;

#charset koi8-r;

#access_log logs/host.access.log main;

location / {
}

#error_page 404 /404.html;

# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}

# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}

# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
root /home/hobby/service;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name;
include fastcgi_params;
}
```

lzk800

2015-05-27 11:15:24 +08:00

user nginx

你确认一下系统中是否有nginx这个用户

Csineneo

2015-05-27 11:17:02 +08:00

把 /home/hobby/service 從 /home 裡面移出去

a842543374

2015-05-27 11:19:25 +08:00

1.看一下上一级目录的权限
2.如果是centos,看一下selinux是否关闭了

hobbyliu

2015-05-27 11:19:59 +08:00

@lzk800 确实没有NGINX用户，我注释掉此行？还是换成 user www?

Dk2014

2015-05-27 11:21:07 +08:00

chown -R nginx /home/hobby/service
chown -R nginx /var/log/nginx
service nginx restart

czheo

2015-05-27 11:22:03 +08:00

chmod 755 /home
chmod 755 /home/hobby

abcfyk

2015-05-27 11:23:12 +08:00

如果是production环境，建议保持现状。访问程序目录应当是403的，这是安全问题。
如果是开发环境，一个要看目录权限，看看nginx.conf的user是谁，可以把www目录chown user:user www 一下，第二看看访问目录下的文件是否正常。正常的话就不是文件夹权限的问题，是nginx配置的问题。可以加一句 allow from all; 不过产品环境千万别加。

lsj5031

2015-05-27 11:28:14 +08:00

哈，其实因为你的网站放在home下了，home下面子目录好像默认没有x权限，别的用户cd不进去的。

wesley

2015-05-27 11:28:50 +08:00

fastcgi_pass没设置

hobbyliu

2015-05-27 11:31:31 +08:00

@lsj5031 但是我设置 /home/hobby 777 ,为何还是不行呢

lsj5031

2015-05-27 11:42:04 +08:00

@hobbyliu 我这么说是因为前几天我也是弄个玩具的时候碰到同样的问题一路追踪下来还是home子目录的权限问题。你也可以看看现在 nginx是什么用户跑，然后看看这个用户是否有权限一步一步访问到绝对路径上上的每一个目录。我是用sudo -u 加 ls 测试的……
777始终是要改掉的……你这变量控制得太暴力了

Keinez

2015-05-27 11:56:35 +08:00

其他人说配置问题，我说下777。你这个777等于所有者+组+其他用户都有权限读写执行……最好不要这么干。

详见：
http://en.wikipedia.org/wiki/Chmod

lincanbin

2015-05-27 11:58:29 +08:00

chown -r更改所有者为nginx的运行用户

mytharcher

2015-05-27 12:01:10 +08:00

前天刚碰到这个问题，手贱把 `/home/自己` 目录设为了 700（所有网站项目挂在自己的目录下），结果查了半天才发现，改回 755 就可以了。

hzqim

2015-05-27 17:22:58 +08:00

您的网站是静态吗？
如果是php程序，
那么 index 项目必须这样
index index.php index.html index.htm;
您不指定index.php，nginx就去家中index.html，但是您的index.html 不存在。。。

hsyu53

2015-05-28 00:01:36 +08:00

配置fastcgi_pass，使之与/etc/php5/fpm/pool.d/www.conf中listen项一致。本机上建议用unix socket

这是一个专为移动设备优化的页面（即为了让你能够在 Google 搜索结果里秒开这个页面），如果你希望参与 V2EX 社区的讨论，你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/194046