CODEWITHSUNDEEP
phpnginx
Dave
Dave

Reputation: 187

PHP FastCGI Permission Issue

I've installed nginx on a fresh Ubuntu 18.04 server. Its for an osTicket installation if that matters at all. I put all the files in the /var/www/html directory and setup my sites-available/enabled. But when I go to the site I get an Access Denied message and the error log shows:

2019/04/07 13:50:24 [error] 17708#17708: *1 FastCGI sent in stderr:
"PHP message: PHP Warning:  Unknown: failed to open stream: Permission
denied in Unknown on line 0
Unable to open primary script: /var/www/html/upload/index.php
(Permission denied)" while reading response header from upstream,
client: [my IP], server: server.domain.local, request: "GET / HTTP/1.1",
upstream: "fastcgi://unix:/run/php/php7.2-fpm.sock:", host: "server.domain.local"

Already made sure all directories from /var/www/html down have www-data:www-data and +x.

/etc/nginx/sites-available/osticket.conf

server {
  listen 80;
        server_name server.domain.local;

        root   /var/www/html/upload/;

        access_log  /var/log/nginx/access.log;
        error_log  /var/log/nginx/error.log;

        index index.php;
        client_max_body_size 2000M;
        client_body_buffer_size 100M;
        client_header_buffer_size 10M;
        large_client_header_buffers 2 10M;
        client_body_timeout 12;
        client_header_timeout 12;
        keepalive_timeout 15;
        send_timeout 10;
        gzip             on;
        gzip_comp_level  2;
        gzip_min_length  1000;
        gzip_proxied     expired no-cache no-store private auth;
        gzip_types       text/plain application/x-javascript text/xml text/css application/xml;

        set $path_info "";

        location ~ /include {
          deny all;
          return 403;
       }

       if ($request_uri ~ "^/api(/[^\?]+)") {
         set $path_info $1;
       }

       location ~ ^/api/(?:tickets|tasks).*$ {
        try_files $uri $uri/ /api/http.php?$query_string;
       }

       if ($request_uri ~ "^/scp/.*\.php(/[^\?]+)") {
          set $path_info $1;
       }

       location ~ ^/scp/ajax.php/.*$ {
          try_files $uri $uri/ /scp/ajax.php?$query_string;
       }

       location / {
          try_files $uri $uri/ index.php;
       }

       location ~ \.php$ {
           fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
           include        fastcgi_params;
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
        fastcgi_param  PATH_INFO    $path_info;
      }
}

User portion of /etc/php/7.2/fpm/pool.d/www.conf

; Unix user/group of processes
user = www-data
group = www-data

Upvotes: 1

Views: 4027

Answers (1)

Dave
Dave

Reputation: 187

Well, I jumped straight to configs and other ideas. Forgot to KISS. For whatever reason, the files from the osTicket download came with 755 permissions on the folders, but absolutely no permissions on the files. Did a chmod 755 on everything and now its good.

Upvotes: 1

Related Questions