I am new to system administration. After installing nginx via puppet on Ubuntu I get the following output:
[alert] could not open error log file: open() "/var/log/nginx/error.log" failed (13: Permission denied)
[warn] 1898#0: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:1
[emerg] 1898#0: open() "/var/log/nginx/access.log" failed (13: Permission denied)
How do I get rid of all of these messages?
I don't want to use command line directly (chown / chmod) and repeat it every time I create a new server. Therefore, I am thinking of what has to be added to the puppet manifest.
What is the best sysadmin practice in this case: to change owner / permissions for /var/log/nginx or to store logs in different location? If chown / chmod is the way to go, which specific permissions would ensure the highest level of security?
I tried this, but it didn't help:
file { '/var/log/nginx':
ensure => directory,
mode => '0755',
owner => 'www-data',
group => 'www-data',
recurse => true
}
Edited:
vagrant@precise64:~$ ps aux | grep [n]ginx
root 1001 0.0 0.1 62908 1388 ? Ss 08:47 0:00 nginx: master process /usr/sbin/nginx
www-data 1002 0.0 0.1 63260 1696 ? S 08:47 0:00 nginx: worker process
www-data 1003 0.0 0.1 63260 1696 ? S 08:47 0:00 nginx: worker process
www-data 1004 0.0 0.1 63260 1696 ? S 08:47 0:00 nginx: worker process
www-data 1005 0.0 0.1 63260 1696 ? S 08:47 0:00 nginx: worker process
I faced similar issue while restarting Nginx and found it to be a cause of SeLinux. Be sure to give a try after either disabling SeLinux or temporarily setting it to Permissive mode using below command:
setenforce 0
I hope it helps :)
Permission to view log files is granted to users being in the group adm.
To add a user to this group on the command line issue:
sudo usermod -aG adm <USER>
if you don't want to start nginx as root.
first creat log file :
sudo touch /var/log/nginx/error.log
and then fix permissions:
sudo chown -R www-data:www-data /var/log/nginx
sudo find /var/log/nginx -type f -exec chmod 666 {} \;
sudo find /var/log/nginx -type d -exec chmod 755 {} \;
For me, I just changed the selinux from enforcing to permissive and then I was able to start nginx without any error.
I just patch nginx binary replacing path /var/log/nginx/error.log and other with local path.
$ perl -pi \
-e 's@/var/log/nginx/@_var_log_nginx/@g;' \
-e 's@/var/lib/nginx/@_var_lib_nginx/@g;' \
-e 's@/var/run/nginx.pid@_var_run/nginx.pid@g;' \
-e 's@/run/nginx.pid@_run/nginx.pid@g;' \
< /usr/sbin/nginx > nginx
$ chmod +x nginx
$ mkdir _var_log_nginx _var_lib_nginx _var_run _run
$ ./nginx -p . -c nginx.conf
It works for testing.
This works for me,
sudo chmod -R 777 /var/log/nginx
If i assume that your second code is the puppet config then i have a logical explaination, if the error and log files were create before, you can try this
sudo chown -R www-data:www-data /var/log/nginx;
sudo chmod -R 755 /var/log/nginx;
just because you don't have the right to acess the file , use
chmod -R 755 /var/log/nginx;
or you can change to sudo then it
Make sure you are running the test as a superuser.
sudo nginx -t
Or the test wont have all the permissions needed to complete the test properly.
Nginx needs to run by command 'sudo /etc/init.d/nginx start'
On Debian WSL (Windows Subsystem for Linux) I had to use:
sudo chmod -R 775 /var/log/nginx
Source: Stackoverflow.com