nginx_apache 403 errors - ruid?

[itsensellc]

Hello,

I converted my webserver over from apache using mod_ruid2 to nginx_apace and now I'm getting 403 errors on static files owned by the user. Presumably this is because Apache was using ruid2 but I can't imagine nginx doesn't have the same concept or this would be a massive oversight.

Anyone run into something like this and/or know how to fix it without reverting back to apache?

Thanks,
JP

 

[Richard G]

You only changed to nginx? Did not changed to php-fpm? Or installed multiple php versions?

 

[itsensellc]

You only changed to nginx? Did not changed to php-fpm? Or installed multiple php versions?

I already had FPM and multiple versions. BUT - I'm not having any issues related to PHP. This seems to only be issues related to pulling static files. Even weirder it's not across the board.

 

[Zhenyapan]

custom nginx templates? try to rewrite confs

 

[itsensellc]

custom nginx templates? try to rewrite confs

Nope nothing is custom. It's just standard confs produced by the custombuild process. They were just built fresh last night when I converted over. I'm still thinking that Nginx operates under the process user and that's a big issue when you're coming from ruid2.

 

[Richard G]

I already had FPM and multiple versions.

Check if mod_ruid2 is active, you shouldn't use that with multiple php versions and not in combination with php-fpm either.

Check /usr/local/directadmin/custombuild/options.conf
set mod_ruid2 to no and then try the:
./build update
and
./build rewrite_confs
again and see if that fixes things.

 

[itsensellc]

Check if mod_ruid2 is active, you shouldn't use that with multiple php versions and not in combination with php-fpm either.

Check /usr/local/directadmin/custombuild/options.conf
set mod_ruid2 to no and then try the:
./build update
and
./build rewrite_confs
again and see if that fixes things.

Fair point - that did not solve anything though. The only way I could solve it for this particular user is permissions.

 

[Richard G]

Please don't quote full posts to keep things a bit cleaner.

User permissions, what are they now?
Normally on php-fpm they should also be owned by the user.

There is however a script to restore the permissions which should be there. If i'm correct it's this:

cd /usr/local/directadmin/scripts
./set_permissions.sh user_homes

you can also use:
./set_permissions.sh all_with_domaindirs

 

[itsensellc]

Mind you we are talking static files so FPM doesn't really come into play here. Just raw HTTP requests to files that were previously served by Apache but in the hybrid setup are now being serve by NGINX. Generally speaking subfolders that were formerly 750 and files that were formerly 640 had to be changed to 755 and 644. In both cases, these are owned by the user's account. So it seems as though NGINX is reading through the worker process user which is why the other permissions needed to be altered. Not a huge fan of this but from what I'm reading it is what it is.