3

I have set up a system to use NGINX and Passenger. I used RVM single-user installation for Ruby. In the NGINX file, I specified that Passenger should run as the user that owns the application directory and its subdirectories and files. Everything works, as long as I allow execution privileges for other users:

drwxr-x--x 15 dog_park dog_park 4096 Apr 19 01:27 dog_park/

I don't understand why this should be the case. The following is specified in /etc/nginx/sites-enabled/default:

        root /var/www/dog_park/public;

        # Turn on Passenger
        passenger_enabled on;
        passenger_user dog_park;
        passenger_ruby /home/dog_park/.rvm/gems/ruby-3.2.2/wrappers/ruby;

If I do not allow execution privileges to other users, I see the following in /var/log/nginx/error.log:

2023/04/20 00:34:25 [crit] 1118#1118: *1 stat() "/var/www/dog_park/public/" failed (13: Permission denied), client: <client IP>, server: _, request: "GET / HTTP/1.1", host: "<server IP>"

Any ideas would be a big help.

dcgenjin
  • 1,108
  • 3
  • 12
  • 25

1 Answers1

2

Looks like nginx (as a different user) is trying to inspect the directory. The stat() in the error message is this system call.

From the linked docs:

No permissions are required on the file itself, but-in the case of stat() and lstat() - execute (search) permission is required on all of the directories in path that lead to the file.

pidge
  • 1,037
  • 9
  • 26
  • pidge was exactly right, I needed to add the user NGINX uses (www-data on this system) to the same group as the application's user and then it worked – dcgenjin Apr 23 '23 at 00:51