How to resolve Nginx dav PUT request failed on rename() with (13: Permission denied)?

classic Classic list List threaded Threaded
2 messages Options
Reply | Threaded
Open this post in threaded view
|

How to resolve Nginx dav PUT request failed on rename() with (13: Permission denied)?

C. Jacobs
When trying to PUT an index.html file in the root of an already existing folder, nginx fails with:

[crit] 1181#0: *1 rename() "/opt/spool/nginx/client_temp/1/0000000001” to "/opt/share/www/domain.tld/index.html-3hlCQ9iE" failed (13: Permission denied), client: 1.2.3.9, server: host.domain.tld, request: "PUT /www/domain.tld/index.html-3hlCQ9iE HTTP/1.1", host: "172.21.2.2"

Environment

• Nginx-extras 1.13.6-1 from entware-3x repo
• running on Padavan firmware.
• Nginx.conf: user www-rw www-w;
• grep www-rw /etc/passwd
  www-rw:x:1000:1001:Linux User,,,:/opt/share/www:/bin/sh
• grep www-w /etc/group
  www-w:x:1001:
• ls -l /opt/share/www
  drw-rw-r-- 2 www-rw www-w 4096 Feb 9 13:51 domain.tld
• ls -al /opt/share/www/domain.tld
  drw-rw-r-- 2 www-rw www-w 4096 Feb 9 13:51 .
  drwxr-xr-x 4 www-rw www-w 4096 Feb 9 13:51 ..
• ls -l /opt/spool/nginx
  drwxrwxrwx 7 www-rw root 4096 Feb 9 22:46 client_temp
• ls -l /opt/spool/nginx/client_temp
  drwx------ 2 www-rw www-w 4096 Feb 9 22:28 5
• client: Cyberduck/6.3.3.27341
• client-user: www-rw

Nginx.conf
---
server {
    location /www {
        root                  /opt/share;

        client_body_temp_path /opt/spool/nginx/client_temp 1;
        dav_methods PUT DELETE MKCOL COPY MOVE;
        dav_ext_methods PROPFIND OPTIONS;
        # allow creating directories
        create_full_put_path  on;
        dav_access  user:rw  group:r  all:r;
        autoindex   on;
    }
}
---

Regression
• user nobody nogroup;
• dav_access user:rw group:r all:r;
• #autoindex ...
• client-user: admin

What should I fix (in the permissions?) to resolve the Nginx dav permission denied errors?

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx

signature.asc (499 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: How to resolve Nginx dav PUT request failed on rename() with (13: Permission denied)?

Francis Daly
On Sun, Feb 11, 2018 at 12:17:38AM +0100, C. Jacobs wrote:

Hi there,

Not specifically tested, but...

> [crit] 1181#0: *1 rename() "/opt/spool/nginx/client_temp/1/0000000001” to "/opt/share/www/domain.tld/index.html-3hlCQ9iE" failed (13: Permission denied), client: 1.2.3.9, server: host.domain.tld, request: "PUT /www/domain.tld/index.html-3hlCQ9iE HTTP/1.1", host: "172.21.2.2"

> • ls -l /opt/share/www
>   drw-rw-r-- 2 www-rw www-w 4096 Feb 9 13:51 domain.tld

...add "x" permissions there.

That is, "chmod 775 (or 755) /opt/share/www/domain.tld"

> What should I fix (in the permissions?) to resolve the Nginx dav permission denied errors?

"x" on a directory is needed for some things that you might naively
think should only need "w".

        f
--
Francis Daly        [hidden email]
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx