Score:0

Nginx php-fpm 1 of 3 pools not working: returns stat() failed (13: Permission denied)

tr flag

I have nginx with 3 pools for php7.4-fpm - one for each of 3 users on the system as they have their own apps and files. The setup of all 3 is completely identical, but the recently added one has some permission problem.

Browser returns error 404 - Not Found.

Error returned in nginx log:

```
2022/01/18 09:32:16 [crit] 504237#504237: *5120 stat() "/var/www/user3/websites/site.com/index.php" failed (13: Permission denied), client: XXX.XXX.XXX.XXX, server: site.com, request: "GET / HTTP/2.0", host: "site.com"
```

```
sudo -u user3 stat /var/www/user3/websites/site.com/index.php
```

returns

```
  File: /var/www/user3/websites/site.com/index.php
  Size: 405         Blocks: 8          IO Block: 4096   regular file
Device: 807h/2055d  Inode: 1441895     Links: 1
Access: (0644/-rw-r--r--)  Uid: ( 1003/ user3)   Gid: ( 1003/ user3)
Access: 2022-01-17 20:32:08.081267396 +0000
Modify: 2020-04-26 21:46:41.000000000 +0000
Change: 2022-01-18 09:35:09.129994390 +0000
```

Pool config:

```
[php7.4-user3]

user = user3
group = user3

listen = 127.0.0.1:9003
listen.owner = nobody
listen.group = nobody
listen.allowed_clients = 127.0.0.1

pm = ondemand
pm.max_children = 24
pm.start_servers = 16
pm.min_spare_servers = 6
pm.max_spare_servers = 24
pm.process_idle_timeout = 900s
pm.max_requests = 55

php_admin_value[error_log] = /var/log/fpm-php7.4.log
php_admin_flag[log_errors] = on
php_admin_value[error_reporting] = E_ALL & ~E_NOTICE & ~E_WARNING & ~E_STRICT & ~E_DEPRECATED
```

The other pools are pretty much the same, except pool name, user and group are user1, user2 and the listen port is different like for example 9001, 9002, 9003, hence the x in the config.

Virtual host config:

```
server {
    server_name site.com   www.site.com;

    access_log /var/log/nginx/site.com.access.log;
    error_log /var/log/nginx/site.com.error.log;

    root /var/www/user3/websites/site.com;

    index index.php index.html index.htm;

    location / {
      try_files $uri $uri/ /index.php?$args;
    }
    location ~ \.php$ {
      try_files $uri =404;
      include fastcgi_params;
      fastcgi_pass 127.0.0.1:9003;
    }

    listen 443 ssl http2;
    ssl_certificate /etc/letsencrypt/live/site.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/site.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
server {
    if ($host = www.site.com) {
        return 301 https://$host$request_uri;
    }
    if ($host = site.com) {
        return 301 https://$host$request_uri;
    }
    listen XXX.XXX.XXX.XXX:80;
    server_name site.com   www.site.com;
    return 404;
}
```

What am I missing for user3, so nginx and fpm work? The same config for user1 and user2 works fine.

jp flag
Check that `user3` can access (has +x permissions) all directories in the tree `/var/www/user3/websites/site.com`. This includes `/var`, `/var/www` etc.
jp flag
Actually, not `user3` but nginx user.
in flag
You can check that easily by running `namei -l /var/www/user3/websites/site.com/index.php`.
tr flag
How to do this without affecting the actual user:group owner's permissions?
tr flag
OK. Appears the folder /var/www/user3 had 750 permissions instead of 755. Now it works. Thanks!
Score:0
tr flag

Appears the folder /var/www/user3 had 750 permissions instead of 755. Now it works.
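The `namei -l` check from the comments, evaluated for one specific account, as an added example that is not part of the original thread. It assumes GNU `stat`; `blocking_dirs` is a hypothetical helper name, and `www-data` as the default nginx worker user is an assumption (use the `user` value from your `nginx.conf`).

```shell
#!/bin/sh
# Added example, not from the original thread. Requires GNU stat.
# Prints every directory above FILE that the given uid/gids cannot traverse,
# judged from mode bits only (POSIX ACLs and root's override are ignored).
blocking_dirs() (
    file=$1 uid=$2 gids=$3
    dir=$(dirname "$file")
    while :; do
        set -- $(stat -c '%A %u %g' "$dir")
        perm=$1 owner=$2 group=$3
        # The kernel consults exactly one class: owner, else group, else other.
        if [ "$uid" = "$owner" ]; then
            pat='???[xs]*'            # owner execute (search) bit
        elif case " $gids " in *" $group "*) true ;; *) false ;; esac; then
            pat='??????[xs]*'         # group execute bit
        else
            pat='?????????[xt]*'      # other execute bit
        fi
        case $perm in
            $pat) ;;                              # traversal allowed
            *) printf '%s %s\n' "$perm" "$dir" ;; # this directory blocks
        esac
        case $dir in /|.) break ;; esac
        dir=$(dirname "$dir")
    done
)

# Usage: sh check.sh /var/www/user3/websites/site.com/index.php [user]
# The default user "www-data" is an assumption about the nginx worker account.
if [ $# -ge 1 ]; then
    u=${2:-www-data}
    blocking_dirs "$1" "$(id -u "$u")" "$(id -G "$u")"
fi
```

For the directory in this thread, `chmod o+x /var/www/user3` (mode 751) is already enough for traversal; 755 additionally lets other local users list the directory's contents.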
