Bear with me, I am still new to Linux. I have a web server that is trying to access a public folder under a user's account.
I am running an nginx server that is trying to access the maintenance page within an application's shared public folder and receives permission denied errors.
Application user: quotr
Webserver user: ubuntu
Application user's primary group: app
Webserver user's primary group: www-data
Application home: /home/quotr/app
Application shared public folder: /home/quotr/app/shared
Absolute path of maintenance file: /home/quotr/app/shared/public/system/maintenance.html
I initially only added the www-data group to the app group hoping to fix the issue. When that didn't work, I also added the group going the other way.
www-data:x:33:apache,quotr
ubuntu:x:1000:
app:x:1001:quotr,ubuntu,www-data
The ownership for the whole application tree belongs to quotr:app. When I started receiving the permission problems, I changed the ownership along the highlighted portion of the path to the maintenance page (/home/quotr/app/shared/public/system/maintenance.html) to quotr:www-data.
Starting at /var/www/quotr-public and working our way down:
# ls -la
drwxr-xr-x 4 quotr www-data 4096 Mar 3 21:49 .
drwxr-xr-x 5 quotr www-data 4096 Mar 3 21:49 ..
drwxr-xr-x 5 quotr www-data 4096 Mar 4 16:00 assets
drwxr-xr-x 3 quotr www-data 4096 Mar 4 19:03 system
# cd to system ls -la
drwxr-xr-x 3 quotr www-data 4096 Mar 4 19:03 .
drwxr-xr-x 4 quotr www-data 4096 Mar 3 21:49 ..
-rwxr-x--- 1 quotr www-data 3004 Mar 4 19:03 maintenance.html
drwxr-xr-x 3 quotr www-data 4096 Mar 3 21:51 pictures
I am testing the permissions using the following command:
sudo -u www-data stat /home/quotr/app/shared/public/
which results in permission denied.
As a last ditch attempt, I created the following symlink:
quotr-public -> /home/quotr/app/shared/public/
With it, I am able to run the following successfully, but no deeper:
sudo -u www-data stat /var/www/quotr-public
I am at a complete loss of what the problem is at this point. Any guidance would be greatly appreciated.
I have continued farting around with permissions so these might be a little different, but please find below the output requested.
Output of 'namei -lx /home/quotr/app/shared/public/system/maintenance.html':
Drwxr-xr-x root root /
drwxr-xr-x root root home
drwx------ quotr app quotr
drwxr-xr-x quotr app app
drwxr-xr-x quotr www-data shared
drwxr-xr-x quotr www-data public
drwxr-xr-x quotr www-data system
-rw-r--r-- quotr app maintenance.html
Output of 'namei -lx /var/www/quotr-public/system/maintenance.html':
Drwxr-xr-x root root /
drwxr-xr-x root root var
drwxrwsr-x root www-data www
lrwxrwxrwx ubuntu www-data quotr-public -> /home/quotr/app/shared/public/
Drwxr-xr-x root root /
drwxr-xr-x root root home
drwx------ quotr app quotr
drwxr-xr-x quotr app app
drwxr-xr-x quotr www-data shared
drwxr-xr-x quotr www-data public
drwxr-xr-x quotr www-data system
-rw-r--r-- quotr app maintenance.html
Thanks.
The problem ended up being that the group execute permission was missing from the /home/quotr/ directory. After running
chmod g+x quotr
the problem was resolved.
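
The traversal rule behind this fix, as an added example that is not part of the original post: it parses the first namei listing quoted above and reports the first path component that denies a given user. The function names and the with_mode helper are hypothetical, and the group set for www-data is taken from the group lines quoted in the post.

```python
# Added example (not from the original post). Models the classic Unix
# permission check only: no ACLs, no root override, no AppArmor/SELinux.
NAMEI = """\
Drwxr-xr-x root root /
drwxr-xr-x root root home
drwx------ quotr app quotr
drwxr-xr-x quotr app app
drwxr-xr-x quotr www-data shared
drwxr-xr-x quotr www-data public
drwxr-xr-x quotr www-data system
-rw-r--r-- quotr app maintenance.html
"""  # first namei listing quoted in the post

def parse_namei(text):
    """Turn each 'mode owner group name' line into a tuple."""
    rows = [line.split(None, 3) for line in text.splitlines()]
    return [tuple(r) for r in rows if len(r) == 4]

def class_bits(mode, owner, group, user, groups):
    """Pick exactly one permission class; there is no fall-through."""
    if user == owner:
        return mode[1:4]
    if group in groups:
        return mode[4:7]
    return mode[7:10]

def first_block(rows, user, groups):
    """Return the first component that denies access, or None."""
    for i, (mode, owner, group, name) in enumerate(rows):
        bits = class_bits(mode, owner, group, user, groups)
        if mode[0] in "dD":                  # 'D' is a mount point under -x
            if bits[2] not in "xst":         # search (x) needed to traverse
                return name
        elif i == len(rows) - 1 and bits[0] != "r":
            return name                      # final file must be readable
    return None

def with_mode(rows, name, mode):
    """Hypothetical helper: same listing with one component's mode changed."""
    return [(mode if n == name else m, o, g, n) for m, o, g, n in rows]

ROWS = parse_namei(NAMEI)
WWW_GROUPS = {"www-data", "app"}             # from the group lines in the post
FIXED = with_mode(ROWS, "quotr", "drwx--x---")  # effect of chmod g+x quotr

if __name__ == "__main__":
    print("before:", first_block(ROWS, "www-data", WWW_GROUPS))
    print("after: ", first_block(FIXED, "www-data", WWW_GROUPS))
```

Because g+x opens /home/quotr only to members of the app group, a user outside that group is still stopped at the same component.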