Question

我有以下设置：

NGINX 1.6.2, Rails 4, Unicorn, Capistrano 3.1

我在/var/log/nginx/error.log

中收到以下错误

2015/01/03 22:27:13 [crit] 49826#0: *77 stat() "/home/mjp/apps/mjp-portal_staging/current/public//index.html" failed (13: Permission denied), client: 182.178.190.121, server: 185.48.117.98, request: "GET / HTTP/1.1", host: "185.48.117.98"
2015/01/03 22:27:13 [crit] 49826#0: *77 stat() "/home/mjp/apps/mjp-portal_staging/current/public/" failed (13: Permission denied), client: 182.178.190.121, server: 185.48.117.98, request: "GET / HTTP/1.1", host: "185.48.117.98"
2015/01/03 22:27:13 [crit] 49826#0: *77 connect() to unix:/tmp/unicorn.mjp-portal_staging.sock failed (13: Permission denied) while connecting to upstream, client: 182.178.190.121, server: 185.48.117.98, request: "GET / HTTP/1.1", upstream: "http://unix:/tmp/unicorn.mjp-portal_staging.sock:/", host: "185.48.117.98"
2015/01/03 22:27:13 [crit] 49826#0: *77 stat() "/home/mjp/apps/mjp-portal_staging/current/public/500.html/index.html" failed (13: Permission denied), client: 182.178.190.121, server: 185.48.117.98, request: "GET / HTTP/1.1", upstream: "http://unix:/tmp/unicorn.mjp-portal_staging.sock/", host: "185.48.117.98"
2015/01/03 22:27:13 [crit] 49826#0: *77 stat() "/home/mjp/apps/mjp-portal_staging/current/public/500.html" failed (13: Permission denied), client: 182.178.190.121, server: 185.48.117.98, request: "GET / HTTP/1.1", upstream: "http://unix:/tmp/unicorn.mjp-portal_staging.sock/", host: "185.48.117.98"
2015/01/03 22:27:13 [crit] 49826#0: *77 connect() to unix:/tmp/unicorn.mjp-portal_staging.sock failed (13: Permission denied) while connecting to upstream, client: 182.178.190.121, server: 185.48.117.98, request: "GET / HTTP/1.1", upstream: "http://unix:/tmp/unicorn.mjp-portal_staging.sock:/500.html", host: "185.48.117.98"
2015/01/03 22:27:14 [crit] 49826#0: *77 stat() "/home/mjp/apps/mjp-portal_staging/current/public/favicon.ico/index.html" failed (13: Permission denied), client: 182.178.190.121, server: 185.48.117.98, request: "GET /favicon.ico HTTP/1.1", host: "185.48.117.98"
2015/01/03 22:27:14 [crit] 49826#0: *77 stat() "/home/mjp/apps/mjp-portal_staging/current/public/favicon.ico" failed (13: Permission denied), client: 182.178.190.121, server: 185.48.117.98, request: "GET /favicon.ico HTTP/1.1", host: "185.48.117.98"
2015/01/03 22:27:14 [crit] 49826#0: *77 connect() to unix:/tmp/unicorn.mjp-portal_staging.sock failed (13: Permission denied) while connecting to upstream, client: 182.178.190.121, server: 185.48.117.98, request: "GET /favicon.ico HTTP/1.1", upstream: "http://unix:/tmp/unicorn.mjp-portal_staging.sock:/favicon.ico", host: "185.48.117.98"
2015/01/03 22:27:14 [crit] 49826#0: *77 stat() "/home/mjp/apps/mjp-portal_staging/current/public/500.html/index.html" failed (13: Permission denied), client: 182.178.190.121, server: 185.48.117.98, request: "GET /favicon.ico HTTP/1.1", upstream: "http://unix:/tmp/unicorn.mjp-portal_staging.sock/favicon.ico", host: "185.48.117.98"
2015/01/03 22:27:14 [crit] 49826#0: *77 stat() "/home/mjp/apps/mjp-portal_staging/current/public/500.html" failed (13: Permission denied), client: 182.178.190.121, server: 185.48.117.98, request: "GET /favicon.ico HTTP/1.1", upstream: "http://unix:/tmp/unicorn.mjp-portal_staging.sock/favicon.ico", host: "185.48.117.98"
2015/01/03 22:27:14 [crit] 49826#0: *77 connect() to unix:/tmp/unicorn.mjp-portal_staging.sock failed (13: Permission denied) while connecting to upstream, client: 182.178.190.121, server: 185.48.117.98, request: "GET /favicon.ico HTTP/1.1", upstream: "http://unix:/tmp/unicorn.mjp-portal_staging.sock:/500.html", host: "185.48.117.98"

我已尝试以nginx，root和mjp作为用户运行nginx，但我收到了同样的错误。

即使nginx也没有从sites-enabled/symlink-to-deploy-root-shared-config-nginx.conf创建服务器，尽管它确实包含在nginx -t测试中。

我做错了什么？

Answer 1

我得到了它的工作。实际上它并不是目录的权限错误。

我停止了nginx服务，然后以sudo nginx启动它，通过它我可以运行应用程序，一切正常。但是，当我试图通过sudo service nginx start将其作为服务运行时，它会因为根目录和权限而拒绝了上述错误。套接字。

我在服务器故障上发布了同样的问题，很幸运能得到答案。

以下是answer：

这是一个selinux问题。

当你运行sudo nginx时，它会在运行时以unconfined_t启动nginx   sudo service nginx start nginx以httpd_t开头。

最初只是以sudo开头，它创建了一堆文件和   将其状态初始化为unconfined_t。例如，pid文件将   是错误的背景。因此当使用服务nginx停止终止时   httpd_t没有足够的权限来读取写入的文件   由unconfined_t。

你应该总是开始使用服务来避免这种情况   问题。要更正它，您需要重新标记有状态文件   存在于文件系统中，例如运行restorecon /var/run/nginx.pid将更正该pid上的错误标签集   文件。

我不确定是否还有更多文件可以写出来   创建的服务也需要更正。你可以得到一个   这些文件可能正在执行的文件列表ausearch -ts recent -m avc。

＆＃39; sudo nginx＆＃39; vs＆＃39; sudo service nginx start＆＃39;

1 个答案: