Permissions on a folder stopping Nginx from starting

Question

I am fairly new to Linux. I have a couple of websites that I want to host on my CentOS 7 VPS with Nginx.

Nginx ought to start on start up, but it is failing due to some permissions issue, I know what file has the issue, but I don't know what the permissions should be in order to make Nginx happy.

I've captured what is happening in a screencast.

What am I missing? As you can see from the screencast, nginx:nginx is the set user and group for all the files within the site's directory.

I assume I do not need a www-data user and group, because Nginx has its own user and group (nginx:nginx)?

Answer 1

CentOS uses SELinux to confine http server. When you use non-default configuration (log files in non-typical locations, enable server side scripting, etc.) you likely need to tune SELinux policy.

SELinux logs policy access denials in audit log (/var/log/audit/audit.log) and default tools for suggestions and policy generation include audit2why and audit2allow.

Usual steps for solving SELinux permission issues include tuning policy booleans or(/and) add and apply file labeling rules. I've explained the topic more generally and in detail for question: Configure SELinux to allow daemons to use files in non-default locations.

I recommend checking what audit2allow suggests. Your issue might be solved by enabling a boolean policy option. If boolean tuning isn't enough, you need to add file labeling rules. For right file contexts consult httpd_selinux man page.